CVE-2024-21531
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-21531 identifies a vulnerability in all versions of the git-shallow-clone package, which is susceptible to command injection due to a lack of proper sanitization in the process variable of the gitShallowClone function. This vulnerability has a medium severity rating with a base score of 5.3 and requires low privileges to exploit, allowing for potential local attacks without user interaction. Affected products include those relying on the git-shallow-clone package, and organizations are advised to apply sanitization or mitigation measures to remediate this issue. The potential impact on integrity and confidentiality is low, but if exploited, it could allow unauthorized command execution on affected systems. For further details, references can be found at Snyk's security page and GitHub repository links related to this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions