github.com/sourcegraph/sourcegraph is vulnerable to arbitrary code execution. The vulnerability exists in the buildCustomFetchMappings
function in customfetch.go
due to an experimental feature which if enabled on the gitserver which allows an attacker to inject and execute arbitrary commands.