CVE-2021-28955: Arbitrary code execution due to an uncontrolled search path for the git binary

Severity: Critical

CVSS Score: 9.8

git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows).