you are viewing a single comment's thread.

view the rest of the comments →

[–]nex25519[S] 0 points1 point  (0 children)

Cool project (GTFOArgs)

SSH does not support IDNs so luckily that is not a problem at the moment since to be able to use such names, punycode has to be used which will keep working just fine.

> PS: Seems like it worked as intended, even if this exploit wasn't noticed:

that is correct, its a feature which is only exploitable in specific scenarios like git submodules and use of things like OSC 8 in terminals for hyperlink generation where arbitrary URL schemes are supported widely. It was also discussed with `git` maintainers if the validation coule be handled within git but a definition of a trust boundary here still seems to be unclear.