← volver
CVE-2024-21533

CVE-2024-21533

CVSS 6.5 MEDIUMEPSS 0.6%CWE-88
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
08 oct 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P
Productos afectados
n/a · ggit

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://gist.github.com/lirantal/80c6d59ac1b682a32bc9d2ff92044bb9https://github.com/bahmutov/ggit/blob/2e85b0316d9c272e067dca5679d39e302f4cb9cd/README.md?plain=1#L3https://security.snyk.io/vuln/SNYK-JS-GGIT-5731319