CVE-2024-21531

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Oct 1, 2024
Updated: Oct 4, 2024
CWE ID 78

Summary

CVE-2024-21531 identifies a vulnerability in all versions of the git-shallow-clone package, which is susceptible to command injection due to a lack of proper sanitization in the process variable of the gitShallowClone function. This vulnerability has a medium severity rating with a base score of 5.3 and requires low privileges to exploit, allowing for potential local attacks without user interaction. Affected products include those relying on the git-shallow-clone package, and organizations are advised to apply sanitization or mitigation measures to remediate this issue. The potential impact on integrity and confidentiality is low, but if exploited, it could allow unauthorized command execution on affected systems. For further details, references can be found at Snyk's security page and GitHub repository links related to this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-21531 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions