exploitDog

CVE-2021-28954

Опубликовано: 21 мар. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository.

Ссылки

https://github.com/chriswalz/bit/releases/tag/v1.0.5
Release Notes
Third Party Advisory
https://vuln.ryotak.me/advisories/17
Third Party Advisory
https://github.com/chriswalz/bit/releases/tag/v1.0.5
Release Notes
Third Party Advisory
https://vuln.ryotak.me/advisories/17
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:bit_project:bit:*:*:*:*:*:*:*:*

Версия до 1.0.5 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00237

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-427

Связанные уязвимости

GHSA-2f2v-jmx7-35c8

CVSS3: 7.8

github

больше 3 лет назад

In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository. THIS IS GOLANG!

EPSS

Процентиль: 47%

0.00237

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-427