Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-M898-H4PM-PQFR
HistoryMay 25, 2021 - 6:44 p.m.

Arbitrary code execution due to an uncontrolled search path for the git binary

2021-05-2518:44:09
Google
osv.dev
9

EPSS

0.002

Percentile

61.8%

JSON

Impact

The go language recently addressed a security issue in the way that binaries are found before being executed. Some operating systems like Windows persist to have the current directory being part of the default search path, and having priority over the system-wide path.

This means that it’s possible for a malicious user to craft for example a git.bat command, commit it and push it in a repository. Later when git-bug search for the git binary, this malicious executable can take priority and be executed.

Who is impacted

This issue happen on Windows and some other operating systems with a badly configured PATH.

All version prior to 0.7.2 are vulnerable to this issue.

Patches

Version 0.7.2 fix this issue. Users should update as soon as possible.

References

More details about this issue can be found here.

Related

gitlab 2
prion 1
osv 1
github 1
veracode 1
nvd 1
cve 1
cvelist 1
gitlab
gitlab
Uncontrolled Search Path Element
2021-05-25 00:00:00
Uncontrolled Search Path Element
2021-05-25 00:00:00
prion
prion
Code injection
2021-03-22 07:15:00
osv
osv
CVE-2021-28955
2021-03-22 07:15:12
github
github
Arbitrary code execution due to an uncontrolled search path for the git binary
2021-05-25 18:44:09
veracode
veracode
Remote Code Execution (RCE)
2021-03-23 01:54:44
nvd
nvd
CVE-2021-28955
2021-03-22 07:15:12
cve
cve
CVE-2021-28955
2021-03-22 07:15:12
cvelist
cvelist
CVE-2021-28955
2021-03-22 06:19:43

EPSS

0.002

Percentile

61.8%

JSON
Related for OSV:GHSA-M898-H4PM-PQFR
gitlab2prion1osv1github1veracode1nvd1cve1cvelist1