Lucene search

GitHub_MCVELIST:CVE-2021-32673

HistoryJun 08, 2021 - 5:00 p.m.

CVE-2021-32673 Remote Command Execution in reg-keygen-git-hash-plugin

2021-06-0817:00:13

CWE-94

GitHub_M

www.cve.org

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

9.9 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.4%

JSON

reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue.

CNA Affected

[
  {
    "product": "reg-suit",
    "vendor": "reg-viz",
    "versions": [
      {
        "status": "affected",
        "version": "< 0.10.16"
      }
    ]
  }
]

References

github.com/reg-viz/reg-suit/commit/f84ad9c7a22144d6c147dc175c52756c0f444d87

github.com/reg-viz/reg-suit/releases/tag/v0.10.16

github.com/reg-viz/reg-suit/security/advisories/GHSA-49q3-8867-5wmp

www.npmjs.com/package/reg-keygen-git-hash-plugin

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

9.9 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.4%

JSON

Related for CVELIST:CVE-2021-32673