← back
CVE-2024-21533

CVE-2024-21533

CVSS 6.5 MEDIUMEPSS 0.6%CWE-88
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Oct 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P
Affected products
n/a · ggit

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gist.github.com/lirantal/80c6d59ac1b682a32bc9d2ff92044bb9https://github.com/bahmutov/ggit/blob/2e85b0316d9c272e067dca5679d39e302f4cb9cd/README.md?plain=1#L3https://security.snyk.io/vuln/SNYK-JS-GGIT-5731319