Severity: CRITICAL
Detected by: GSC (Git Security Checker) automated scan
File: xonsh/readline_shell.py:655
Description: The code passes unsanitized user input to a shell command, enabling command injection. An attacker could execute arbitrary commands on the host system.
Mitigation: Use subprocess.run() with shell=False and pass arguments as a list, or sanitize input with shlex.quote().
Found during automated security audit of gitsome (⭐7,675).
Severity: CRITICAL
Detected by: GSC (Git Security Checker) automated scan
File:
xonsh/readline_shell.py:655Description: The code passes unsanitized user input to a shell command, enabling command injection. An attacker could execute arbitrary commands on the host system.
Mitigation: Use
subprocess.run()withshell=Falseand pass arguments as a list, or sanitize input withshlex.quote().Found during automated security audit of gitsome (⭐7,675).