CVE-2021-44685

Опубликовано: 07 дек. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name (which is not sanitized for execution).

Ссылки

https://github.com/dwisiswant0/advisory/issues/3
Exploit
Issue Tracking
Third Party Advisory
https://github.com/jlord/git-it-electron/releases
Release Notes
Third Party Advisory
https://github.com/dwisiswant0/advisory/issues/3
Exploit
Issue Tracking
Third Party Advisory
https://github.com/jlord/git-it-electron/releases
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:git-it_project:git-it:*:*:*:*:*:*:*:*

Версия до 4.4.0 (включая)

EPSS

Процентиль: 83%

0.01961

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-wjqc-j537-j9gj