Vulnerability Description
git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows).
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Git-Bug Project | Git-Bug | < 0.7.2 |
Related Weaknesses (CWE)
References
- https://github.com/MichaelMure/git-bug/security/advisories/GHSA-m898-h4pm-pqfr (Third Party Advisory)
- https://vuln.ryotak.me/advisories/18 (Third Party Advisory)
FAQ
What is CVE-2021-28955?
CVE-2021-28955 is a vulnerability with a CVSS score of 9.8 (CRITICAL). git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows).
How severe is CVE-2021-28955?
CVE-2021-28955 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-28955?
Check the references section above for vendor advisories and patch information. Affected products include: Git-Bug Project Git-Bug.