12 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-21237
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file ...
CVE-2021-21237
Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix...
Bamboo for Windows uses a version of Git LFS vulnerable to remote code execution (CVE-2021-21237)
Git LFS is vulnerable to remote code execution on Windows CVE-2021-21237: On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix...
Bamboo for Windows uses a version of Git LFS vulnerable to remote code execution (CVE-2021-21237)
Git LFS is vulnerable to remote code execution on Windows CVE-2021-21237: On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix...
RCE via git-lfs in Sourcetree for Windows - CVE-2021-21237
There was an argument injection vulnerability in SourceTree for Windows introduced through git-lfs. An attacker could create a malicious repository which, after being cloned in SourceTree for Windows and enabled with git-lfs, is able to exploit this issue to gain code execution on the system. Thi...
RCE via git-lfs in Sourcetree for Windows - CVE-2021-21237
There was an argument injection vulnerability in SourceTree for Windows introduced through git-lfs. An attacker could create a malicious repository which, after being cloned in SourceTree for Windows and enabled with git-lfs, is able to exploit this issue to gain code execution on the system. Thi...
CVE-2021-21237
Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix...
CVE-2021-21237
Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix...
CVE-2021-21237
Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix...
CVE-2021-21237
Summary (CVE-2021-21237): Git LFS on Windows is vulnerable to remote code execution when operating on a malicious repository that contains a git.bat or git.exe in the current directory. The Go runtime on Windows includes the current directory for command names without a directory separator, causi...
CVE-2021-21237
Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix...
CVE-2021-21237 Git LFS can execute a Git binary from the current directory on Windows
Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix...