CVE-2024-21533

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 8, 2024
Updated: Oct 10, 2024
CWE ID 88

Summary

CVE-2024-21533 identifies a vulnerability in all versions of the ggit package that allows for Arbitrary Argument Injection via the clone() API. This issue occurs due to the library's failure to sanitize user input and validate URL schemes, which can lead to unauthorized command execution. Affected products include those utilizing the ggit package, with a medium severity rating and an exploitability score of 3.9, indicating a low attack complexity without requiring user interaction. To remediate this vulnerability, users should update to a patched version of the ggit package that addresses these input validation weaknesses. If exploited, this vulnerability could potentially compromise system integrity by allowing attackers to execute arbitrary commands on affected systems.
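The two weaknesses named in the summary (unsanitized input and unvalidated URL schemes) can be checked in the calling application before a clone URL reaches any git wrapper. The following is an added example, not code from the ggit package or from this advisory; the function names, the allowed-scheme list and the sample inputs are assumptions made for illustration, and JavaScript is used on the assumption that the caller is Node.js code.

```javascript
// Added example: hypothetical helpers, not part of ggit or its API.
// Assumption: policy allows only https and ssh remotes.
const ALLOWED_SCHEMES = new Set(['https:', 'ssh:']);

function validateCloneUrl(input) {
  if (typeof input !== 'string' || input.length === 0) {
    throw new TypeError('clone URL must be a non-empty string');
  }
  // Whitespace or control characters have no place in a remote URL.
  if (/[\s\x00-\x1f\x7f]/.test(input)) {
    throw new Error('clone URL contains whitespace or control characters');
  }
  // CWE-88: a value that begins with "-" is parsed by git as an option.
  if (input.startsWith('-')) {
    throw new Error('clone URL must not begin with "-"');
  }
  let parsed;
  try {
    parsed = new URL(input);
  } catch {
    throw new Error('clone URL is not an absolute URL');
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    throw new Error(`scheme ${parsed.protocol} is not allowed`);
  }
  if (!parsed.hostname || parsed.hostname.startsWith('-')) {
    throw new Error('clone URL has no usable host');
  }
  return parsed.href;
}

function buildCloneArgs(url, dest) {
  if (typeof dest !== 'string' || dest.length === 0 || dest.startsWith('-')) {
    throw new Error('destination must be a non-empty path not beginning with "-"');
  }
  // "--" ends option parsing, so git treats both values as positional.
  return ['clone', '--', validateCloneUrl(url), dest];
}

// Constructed sample inputs.
for (const url of ['https://example.com/org/repo.git', '--some-option=value', 'file:///tmp/repo']) {
  try {
    console.log('ok     ', buildCloneArgs(url, 'repo').join(' '));
  } catch (err) {
    console.log('refused', JSON.stringify(url), '-', err.message);
  }
}
```

The returned array is meant to be passed as the argument list to `child_process.execFile('git', args)`, so that no shell ever parses the values.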
