216.73.217.24

CVE-2024-21533

· Published 08/10/2024 05:15 · Modified 10/10/2024 12:57

Labels: CVE-2024-21533 2024-10-08CVE-2024-21533CWE-88[email protected]

Essential information

Published
08/10/2024 05:15
Modified
10/10/2024 12:57
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CVSS metrics

Description

All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References