exploitDog

CVE-2021-3190

Опубликовано: 26 янв. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.

Ссылки

https://advisory.checkmarx.net/advisory/CX-2021-4772
Exploit
Third Party Advisory
https://github.com/omrilotan/async-git/pull/13
Third Party Advisory
https://github.com/omrilotan/async-git/pull/13/commits/611823bd97dd41e9e8127c38066868ff9dcfa57a
Patch
Third Party Advisory
https://github.com/omrilotan/async-git/pull/13/commits/a5f45f58941006c4cc1699609383b533d9b92c6a
Patch
Third Party Advisory
https://github.com/omrilotan/async-git/pull/14
Patch
Third Party Advisory
https://advisory.checkmarx.net/advisory/CX-2021-4772
Exploit
Third Party Advisory
https://github.com/omrilotan/async-git/pull/13
Third Party Advisory
https://github.com/omrilotan/async-git/pull/13/commits/611823bd97dd41e9e8127c38066868ff9dcfa57a
Patch
Third Party Advisory
https://github.com/omrilotan/async-git/pull/13/commits/a5f45f58941006c4cc1699609383b533d9b92c6a
Patch
Third Party Advisory
https://github.com/omrilotan/async-git/pull/14
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:async-git_project:async-git:*:*:*:*:*:node.js:*:*

Версия до 1.13.2 (исключая)

EPSS

Процентиль: 95%

0.20943

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-6c3f-p5wp-34mh

CVSS3: 9.8

github

около 5 лет назад

OS Command Injection in async-git

EPSS

Процентиль: 95%

0.20943

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78