Description
Remote Command Execution in reg-keygen-git-hash-plugin
Impact
reg-keygen-git-hash-plugin through 0.10.15 allows remote attackers to execute arbitrary commands.
Patches
Upgrade to version 0.10.16 or later.
For more information
If you have any questions or comments about this advisory:
- Open an issue in reg-viz/reg-suit
References
- https://github.com/reg-viz/reg-suit/security/advisories/GHSA-49q3-8867-5wmp
- https://nvd.nist.gov/vuln/detail/CVE-2021-32673
- https://github.com/reg-viz/reg-suit/commit/f84ad9c7a22144d6c147dc175c52756c0f444d87
- https://github.com/reg-viz/reg-suit/releases/tag/v0.10.16
- https://www.npmjs.com/package/reg-keygen-git-hash-plugin
Packages
- Name: reg-keygen-git-hash-plugin (npm)
- Affected versions: < 0.10.16
- Fixed version: 0.10.16
Related vulnerabilities
CVSS3: 8.8
nvd
more than 4 years ago
reg-keygen-git-hash-plugin is a reg-suit plugin that uses the Git commit hash to detect the snapshot key to compare against. reg-keygen-git-hash-plugin through and including 0.10.15 allows remote attackers to execute arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue.