Description
repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unauthenticated attackers to read arbitrary local git repositories. The isValidRemoteValue function in src/core/git/gitRemoteParse.ts fails to block file:// URLs, permitting attackers to supply file:// scheme URLs that bypass validation and are passed directly to git clone, enabling unauthorized access to all tracked file contents on the server filesystem.
Problem types
Files or Directories Accessible to External Parties
Product status
Any version before 1.14.1
Any version
Credits
George Chen
References
github.com/yamadashy/repomix/issues/1704
github.com/yamadashy/repomix
github.com/...ommit/c748b524f41225e7fc6f89ad0084520901a453cf (Patch Commit)
www.vulncheck.com/...a-file-url-scheme-in-git-clone-endpoint