Impact
Weblate didn't correctly sanitize some arguments passed to Git and Mercurial, which allowed changing their behavior in an unintended way.
Patches
The issues were fixed in the 4.11.1 release. The following commits are addressing it:
Workarounds
Instances in which untrusted users cannot create new components are not affected.
References
For more information
If you have any questions or comments about this advisory:
dellalibera Analyst
Impact
Weblate didn't correctly sanitize some arguments passed to Git and Mercurial, which allowed changing their behavior in an unintended way.
Patches
The issues were fixed in the 4.11.1 release. The following commits are addressing it:
Workarounds
Instances in which untrusted users cannot create new components are not affected.
References
For more information
If you have any questions or comments about this advisory: