CVE-2021-44685: OS Command Injection in Git-it
Git-it through 4.4.0 allows OS command injection at the Branches Aren’t Just For Birds challenge step. During the verification process, it attempts to run the
reflog command followed by the current branch name (which is not sanitized for execution).
Proof of Concept