CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44685
https://notcve.org/view.php?id=CVE-2021-44685
Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name (which is not sanitized for execution). Git-it versiones hasta 4.4.0, permite una inyección de comandos del sistema operativo en el paso de desafío Branches Aren't Just For Birds. Durante el proceso de verificación, se intenta ejecutar el comando reflog seguido del nombre de la rama actual (que no está desinfectado para su ejecución) • https://github.com/dwisiswant0/advisory/issues/3 https://github.com/jlord/git-it-electron/releases • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-40330
https://notcve.org/view.php?id=CVE-2021-40330
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. La función git_connect_git en el archivo connect.c en Git versiones anteriores a 2.30.1, permite que la ruta de un repositorio contenga un carácter de nueva línea, que puede resultar en peticiones inesperadas entre protocolos, como es demostrado en la subcadena git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 • https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473 https://github.com/git/git/compare/v2.30.0...v2.30.1 https://lists.debian.org/debian-lts-announce/2022/10/msg00014.html •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-30483 – isomorphic-git: Directory traversal via a crafted repository
https://notcve.org/view.php?id=CVE-2021-30483
isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository. isomorphic-git versiones anteriores a 1.8.2, permite un Salto de Directorio por medio de un repositorio diseñado A flaw was found in isomorphic-git. An attacker could cause a Directory Traversal via a crafted filepath in a repository being cloned. • https://github.com/isomorphic-git/isomorphic-git/pull/1339 https://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2 https://vuln.ryotak.me/advisories/28 https://access.redhat.com/security/cve/CVE-2021-30483 https://bugzilla.redhat.com/show_bug.cgi?id=1988539 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-32673 – Remote Command Execution in reg-keygen-git-hash-plugin
https://notcve.org/view.php?id=CVE-2021-32673
reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue. reg-keygen-git-hash-plugin es un plugin de reg-suit para detectar la clave instantánea para ser comparada con el uso de Git commit hash. reg-keygen-git-hash-plugin versiones hasta 0.10.15 e incluyéndola, permiten a atacantes remotos a ejecutar comandos arbitrarios. Actualizar a versión 0.10.16 o posterior para resolver este problema • https://github.com/reg-viz/reg-suit/commit/f84ad9c7a22144d6c147dc175c52756c0f444d87 https://github.com/reg-viz/reg-suit/releases/tag/v0.10.16 https://github.com/reg-viz/reg-suit/security/advisories/GHSA-49q3-8867-5wmp https://www.npmjs.com/package/reg-keygen-git-hash-plugin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28955
https://notcve.org/view.php?id=CVE-2021-28955
git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows). git-bug versiones anteriores a 0.7.2, presenta un Elemento de Ruta de Búsqueda No Controlada. Ejecutará git.bat desde el directorio actual en determinadas situaciones de PATH (visto con mayor frecuencia en Windows) • https://github.com/MichaelMure/git-bug/security/advisories/GHSA-m898-h4pm-pqfr https://vuln.ryotak.me/advisories/18 • CWE-427: Uncontrolled Search Path Element •