exploitDog

CVE-2021-36376

Опубликовано: 13 июл. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 4.4

EPSS Низкий

Описание

dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory.

Ссылки

https://github.com/dandavison/delta/commit/f01846bd443aaf92fdd5ac20f461beac3f6ee3fd
Patch
Third Party Advisory
https://github.com/dandavison/delta/releases/tag/0.8.3
Release Notes
Third Party Advisory
https://vuln.ryotak.me/advisories/54
Third Party Advisory
https://github.com/dandavison/delta/commit/f01846bd443aaf92fdd5ac20f461beac3f6ee3fd
Patch
Third Party Advisory
https://github.com/dandavison/delta/releases/tag/0.8.3
Release Notes
Third Party Advisory
https://vuln.ryotak.me/advisories/54
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:delta_project:delta:*:*:*:*:*:*:*:*

Версия до 0.8.3 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.0008

Низкий

7.8 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-427

Связанные уязвимости

GHSA-5xg3-j2j6-rcx4

CVSS3: 7.8

github

больше 4 лет назад

Relative Path Traversal in git-delta

EPSS

Процентиль: 24%

0.0008

Низкий

7.8 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-427