CVE-2024-21532

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Oct 8, 2024
Updated: Oct 10, 2024
CWE ID 78

Summary

CVE-2024-21532 is a command injection vulnerability affecting all versions of the ggit package. The package lets user input determine which branch is fetched, then concatenates that input into a git command that is executed with the unsafe exec() function in Node.js. The flaw affects products that use the ggit package and poses a high security risk because it is easy to exploit, requiring no special privileges or user interaction. An attacker could exploit it over the network, with potential impact on integrity and availability. To remediate this issue, it is recommended that users upgrade to a version of ggit that addresses this vulnerability. Further details can be found in security advisories such as those provided by Snyk.
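The pattern described in the summary, next to a hardened form, as an added example that is not ggit's code. All function names, the allowlist rule and the sample input are assumptions constructed for illustration.

```javascript
// Added example; function names are hypothetical and are not ggit's API.
const { execFile } = require("node:child_process");

// Constructed sample input: a branch name carrying a shell separator.
const CONSTRUCTED_INPUT = "main; echo INJECTED";

// Vulnerable pattern: caller-controlled text becomes part of a command line.
// exec() hands the whole string to a shell, which interprets ; | & $() etc.
function buildUnsafeCommand(branch) {
  return "git fetch origin " + branch; // this string would be passed to exec()
}

// Conservative allowlist (an assumption, stricter than git's own ref rules).
function isSafeBranchName(branch) {
  return (
    typeof branch === "string" &&
    branch.length > 0 &&
    branch.length <= 255 &&
    // Must start with an alphanumeric, so a leading "-" cannot act as an option.
    /^[A-Za-z0-9][A-Za-z0-9._\/-]*$/.test(branch) &&
    !branch.includes("..") &&
    !branch.endsWith(".lock") &&
    !branch.endsWith("/")
  );
}

// Hardened pattern: validate first, then build an argv array, not a string.
function buildFetchArgs(branch) {
  if (!isSafeBranchName(branch)) {
    throw new Error("rejected branch name");
  }
  // "--" ends option parsing, so the values after it are never read as flags.
  return ["fetch", "--", "origin", branch];
}

// execFile() starts git directly without a shell, so each array element
// reaches git as one literal argument.
function fetchBranch(repoDir, branch, callback) {
  execFile("git", buildFetchArgs(branch), { cwd: repoDir, timeout: 60000 }, callback);
}
```

With the constructed input, `buildUnsafeCommand` yields a string a shell would split into two commands, while `buildFetchArgs` rejects the same input before any process is started.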
