CVE-2026-7725: Python Git Argument Injection Missing Separator
Constructing Git commands with unpacked variables without using the `--` end-of-options separator can lead to argument injection. If user-controlled elements in the list begin with `-` or `--`, they may be evaluated as Git options rather than positional arguments (e.g., file paths). Add `"--"` before the unpacked list elements to ensure they are interpreted
greprules fetch cve-2026-7725-python-git-argument-injection-missing-separator --engine opengrep
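An added example (not part of the rule or of the original page) showing the flagged pattern next to the fixed one. The function names, the sample paths and the simplified model of Git's option parsing are assumptions made for illustration.

```python
import subprocess  # only used by run_git_add; the helpers below are pure

# Constructed sample input: the second element is a file *name* supplied by a
# user, but it is spelled like the real `git add --dry-run` option.
USER_PATHS = ["README.md", "--dry-run"]


def git_add_argv_unsafe(paths):
    """Pattern the rule flags: unpacked list directly after the subcommand."""
    return ["git", "add", *paths]


def git_add_argv_safe(paths):
    """Fixed pattern: "--" ends option parsing, the rest are positional."""
    return ["git", "add", "--", *paths]


def option_like_args(argv):
    """Return tokens after the subcommand that Git would parse as options.

    Simplified model of Git's parser (assumption): a token starting with "-"
    counts as an option until the first "--" is seen.
    """
    flagged = []
    for token in argv[2:]:          # skip "git" and the subcommand
        if token == "--":
            break                   # everything after this is positional
        if token.startswith("-"):
            flagged.append(token)
    return flagged


def run_git_add(paths, cwd):
    """Run the safe form. A list argv (no shell=True) avoids shell injection,
    but only the "--" separator stops option injection into Git itself."""
    return subprocess.run(git_add_argv_safe(paths), cwd=cwd, check=True)


if __name__ == "__main__":
    for build in (git_add_argv_unsafe, git_add_argv_safe):
        argv = build(USER_PATHS)
        print(build.__name__, argv, "-> parsed as options:", option_like_args(argv))
```

With the unsafe form the file named `--dry-run` is never staged because Git consumes it as a flag; with the separator it is treated as a path.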