gitjacker prior to 0.1.0 allows remote malicious users to execute arbitrary code via a crafted .git directory because of directory traversal.
gitjacker project gitjacker