216.73.217.172

CVE-2024-21532

· Published 08/10/2024 05:15 · Modified 10/10/2024 12:57

Labels: CVE-2024-21532 2024-10-08CVE-2024-21532CWE-78[email protected]

Essential information

Published
08/10/2024 05:15
Modified
10/10/2024 12:57
Author
Creator
CVSS
7.3 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS metrics

Description

All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References