CVE-2021-32673 – Remote Command Execution in reg-keygen-git-hash-plugin
https://notcve.org/view.php?id=CVE-2021-32673
reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue. reg-keygen-git-hash-plugin es un plugin de reg-suit para detectar la clave instantánea para ser comparada con el uso de Git commit hash. reg-keygen-git-hash-plugin versiones hasta 0.10.15 e incluyéndola, permiten a atacantes remotos a ejecutar comandos arbitrarios. Actualizar a versión 0.10.16 o posterior para resolver este problema • https://github.com/reg-viz/reg-suit/commit/f84ad9c7a22144d6c147dc175c52756c0f444d87 https://github.com/reg-viz/reg-suit/releases/tag/v0.10.16 https://github.com/reg-viz/reg-suit/security/advisories/GHSA-49q3-8867-5wmp https://www.npmjs.com/package/reg-keygen-git-hash-plugin • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •