Full title: GitLens Git Local Configuration Execution Exploit 
Category: local exploits
Platform: multiple
GitKraken GitLens versions prior to 14.0.0 allow an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10.

# 0day.today @ http://0day.today/