CVE-2022-42906 is a high-severity vulnerability affecting versions of powerline-gitstatus prior to 1.3.2. Powerline-gitstatus is a tool that enhances the command prompt by displaying Git repository status information. The vulnerability arises because Git repositories can include per-repository configuration files that influence Git's behavior, including the execution of arbitrary commands. When a user navigates into a directory containing a Git repository, powerline-gitstatus automatically runs Git commands to gather repository status for prompt display. If an attacker can trick a user into changing their working directory to a location controlled by the attacker—such as a shared filesystem location or an extracted archive containing a malicious Git repository configuration—powerline-gitstatus will execute arbitrary commands embedded in the repository configuration. This leads to arbitrary code execution under the context of the user. The vulnerability is similar to CVE-2022-20001, which also involves command injection via Git configuration. The CVSS v3.1 base score is 7.8, reflecting a high impact on confidentiality, integrity, and availability, with low attack complexity but requiring user interaction (changing directory). The vulnerability does not require privileges or authentication beyond normal user access. No known exploits in the wild have been reported as of the publication date. The root cause is improper handling of untrusted Git repository configurations that allow command injection (CWE-77).

For European organizations, this vulnerability poses a significant risk especially in environments where developers or users frequently interact with Git repositories, including shared network drives, CI/CD pipelines, or when unpacking archives from untrusted sources. Successful exploitation can lead to arbitrary code execution, potentially allowing attackers to compromise user accounts, steal sensitive information, or move laterally within networks. This is particularly concerning for organizations with distributed development teams or those using shared filesystems where attackers might plant malicious repositories. The compromise of developer workstations or build servers can undermine software integrity and supply chain security. Additionally, since the vulnerability affects the command prompt environment, it may be leveraged to deploy persistent backdoors or malware. The impact extends to confidentiality, integrity, and availability of systems and data, making it a critical concern for sectors with high security requirements such as finance, government, and critical infrastructure within Europe.

European organizations should take the following specific actions: 1) Upgrade powerline-gitstatus to version 1.3.2 or later where the vulnerability is patched. 2) Implement strict controls on the sources of Git repositories, avoiding the use of untrusted or unaudited repositories, especially on shared filesystems or in archives. 3) Educate users and developers about the risks of changing directories into untrusted repositories and encourage verification of repository origins. 4) Employ endpoint security solutions that monitor and restrict unexpected command executions triggered by shell prompts. 5) Use containerization or sandboxing for development environments to limit the scope of potential exploitation. 6) Audit and monitor filesystem locations commonly used for shared repositories or extracted archives for suspicious Git configurations. 7) Integrate security scanning tools that detect malicious Git configurations or command injection patterns in repositories before use. These measures go beyond generic advice by focusing on controlling repository trust boundaries, user behavior, and runtime monitoring.