CVE-2024-21533
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-21533 is a vulnerability in all versions of the ggit package that allows arbitrary argument injection via the clone() API. The issue occurs because the library fails to sanitize user input and validate URL schemes, which can lead to unauthorized command execution. Any product that uses the ggit package is affected. The vulnerability is rated medium severity, with an exploitability score of 3.9, reflecting low attack complexity and no required user interaction. To remediate this vulnerability, users should update to a patched version of the ggit package that addresses these input validation weaknesses. If exploited, this vulnerability could compromise system integrity by allowing attackers to execute arbitrary commands on affected systems.
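The two missing checks named in the summary (input sanitization and URL scheme validation) can be applied by the caller before a clone URL reaches any git wrapper. The following is an added example, not code from ggit or from this advisory; `validateCloneUrl`, `buildCloneArgs` and the scheme allowlist are hypothetical names and assumptions, and the sample URLs are constructed.

```javascript
// Added example, not ggit code. Allowlist of schemes is an assumption;
// narrow it to what your application actually needs.
const ALLOWED_SCHEMES = new Set(["https:", "ssh:"]);

function validateCloneUrl(input) {
  if (typeof input !== "string" || input.length === 0) {
    return { ok: false, reason: "not a non-empty string" };
  }
  // A value starting with "-" would be parsed by git as an option, not a URL.
  if (input.startsWith("-")) {
    return { ok: false, reason: "leading dash" };
  }
  // Whitespace and control characters never belong in a clone URL.
  if (/[\s\x00-\x1f\x7f]/.test(input)) {
    return { ok: false, reason: "whitespace or control character" };
  }
  let parsed;
  try {
    parsed = new URL(input); // requires an absolute URL with an explicit scheme
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return { ok: false, reason: `scheme ${parsed.protocol} not allowed` };
  }
  // The host is handed to a transport program, so it must not look like an option.
  if (parsed.hostname === "" || parsed.hostname.startsWith("-")) {
    return { ok: false, reason: "invalid host" };
  }
  return { ok: true, url: input };
}

function buildCloneArgs(url, dest) {
  const check = validateCloneUrl(url);
  if (!check.ok) throw new Error(`rejected clone URL: ${check.reason}`);
  if (typeof dest !== "string" || dest === "" || dest.startsWith("-")) {
    throw new Error("rejected destination path");
  }
  // "--" ends option parsing, so both values are treated as positional arguments.
  return ["clone", "--", check.url, dest];
}
```

The returned array is meant to be passed as an argument vector to a process API that does not invoke a shell, such as `child_process.execFile("git", args)`.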