Shell Injection Vulnerability Exposed in Unix GitOperations::exec via popen
A high-severity shell injection vulnerability has been identified in the Unix implementation of `GitOperations::exec` within `src/git/operations.cpp`. The method constructs shell commands using `popen` with string-interpolated arguments, directly incorporating user-supplied parameters such as branch names and commit messages. If this user-controlled input contains shell metacharacters, an attacker could inject arbitrary shell commands with the privileges of the executing process.
The vulnerability specifically affects how git operations are spawned on Unix systems. Rather than passing arguments directly to a process, the current implementation routes command strings through the shell interpreter, which parses and expands metacharacters before execution. This design pattern creates a direct injection pathway whenever untrusted input reaches git operations. The issue carries elevated risk because git operations routinely handle data from external repositories or user submissions.
Developers have outlined multiple remediation paths. The preferred approach replaces `popen` with direct process-spawning mechanisms such as `fork` combined with `execvp`, or `posix_spawn`, both of which take an argument vector and bypass shell interpretation entirely. Alternatively, comprehensive argument escaping before passing data to `popen` could mitigate the risk, though this approach is more error-prone. As a minimum interim measure, strict validation and sanitization of all user input that reaches git operations is advised. Given the high severity rating and the potential for arbitrary code execution, this vulnerability warrants urgent review and patching.
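The following added example (not code from `src/git/operations.cpp` or the project) places the interpolation pattern described above beside the recommended `fork` + `execvp` replacement and the interim allowlist check. `echo` stands in for `git` so it runs without a repository; the function names, the ref-name policy in `is_safe_ref_name`, and the hostile input string are all constructed for illustration.

```cpp
// Added example, not the project's code: string-interpolated popen beside a
// fork/execvp spawn that passes each argument as a separate argv entry.
// `echo` stands in for `git`; names and inputs here are constructed.
#include <cstdio>
#include <regex>
#include <string>
#include <vector>
#include <unistd.h>
#include <sys/wait.h>

// Drain a file descriptor into a string.
static std::string read_all(int fd) {
    std::string out;
    char buf[4096];
    ssize_t n;
    while ((n = read(fd, buf, sizeof buf)) > 0) out.append(buf, static_cast<size_t>(n));
    return out;
}

// VULNERABLE pattern from the advisory: one command line handed to /bin/sh via
// popen. Shell metacharacters in `branch` are parsed and executed by the shell.
std::string exec_via_popen(const std::string& branch) {
    std::string cmd = "echo " + branch;              // string interpolation
    FILE* p = popen(cmd.c_str(), "r");
    if (!p) return "";
    std::string out = read_all(fileno(p));
    pclose(p);
    return out;
}

// HARDENED: fork + execvp with an argv vector. No shell is involved, so the
// branch name arrives in the child as exactly one argument, metacharacters
// included, and is never interpreted.
std::string exec_via_execvp(const std::vector<std::string>& argv) {
    int fds[2];
    if (pipe(fds) != 0) return "";
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return ""; }
    if (pid == 0) {                                  // child
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        std::vector<char*> cargv;
        for (const auto& a : argv) cargv.push_back(const_cast<char*>(a.c_str()));
        cargv.push_back(nullptr);
        execvp(cargv[0], cargv.data());
        _exit(127);                                  // execvp returns only on failure
    }
    close(fds[1]);                                   // parent
    std::string out = read_all(fds[0]);
    close(fds[0]);
    int status = 0;
    waitpid(pid, &status, 0);
    return out;
}

// Interim control from the advisory: allowlist validation of a ref name before
// it reaches any git operation. Assumed policy: a conservative subset of what
// `git check-ref-format` accepts (no whitespace, ';', '|', '$', quotes, "..",
// trailing '.' or '/', or a ".lock" suffix).
bool is_safe_ref_name(const std::string& name) {
    static const std::regex ok("^[A-Za-z0-9][A-Za-z0-9._/-]{0,254}$");
    if (!std::regex_match(name, ok)) return false;
    if (name.find("..") != std::string::npos) return false;
    if (name.back() == '.' || name.back() == '/') return false;
    if (name.size() >= 5 && name.compare(name.size() - 5, 5, ".lock") == 0) return false;
    return true;
}

int main() {
    const std::string hostile = "main; echo INJECTED";   // constructed test input
    std::printf("popen : %s", exec_via_popen(hostile).c_str());           // two lines: second command ran
    std::printf("execvp: %s", exec_via_execvp({"echo", hostile}).c_str()); // one line: literal argument
    std::printf("valid : %d %d\n", is_safe_ref_name("release/1.2"), is_safe_ref_name(hostile));
    return 0;
}
```

Run with `g++ -std=c++17 example.cpp && ./a.out`. The `popen` path prints `INJECTED` on its own line because the shell treated `;` as a command separator; the `execvp` path prints the branch string verbatim. Note that the allowlist alone is the weaker control: it protects only the call sites that remember to use it, whereas replacing `popen` removes the shell from the path for every argument.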