Vulnerability Description
reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Reg-Keygen-Git-Hash Project | Reg-Keygen-Git-Hash | <= 0.10.15 |
Related Weaknesses (CWE)
References
- https://github.com/reg-viz/reg-suit/commit/f84ad9c7a22144d6c147dc175c52756c0f444PatchThird Party Advisory
- https://github.com/reg-viz/reg-suit/releases/tag/v0.10.16Release NotesThird Party Advisory
- https://github.com/reg-viz/reg-suit/security/advisories/GHSA-49q3-8867-5wmpThird Party Advisory
- https://www.npmjs.com/package/reg-keygen-git-hash-pluginProductThird Party Advisory
- https://github.com/reg-viz/reg-suit/commit/f84ad9c7a22144d6c147dc175c52756c0f444PatchThird Party Advisory
- https://github.com/reg-viz/reg-suit/releases/tag/v0.10.16Release NotesThird Party Advisory
- https://github.com/reg-viz/reg-suit/security/advisories/GHSA-49q3-8867-5wmpThird Party Advisory
- https://www.npmjs.com/package/reg-keygen-git-hash-pluginProductThird Party Advisory
FAQ
What is CVE-2021-32673?
CVE-2021-32673 is a vulnerability with a CVSS score of 8.8 (HIGH). reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to ...
How severe is CVE-2021-32673?
CVE-2021-32673 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32673?
Check the references section above for vendor advisories and patch information. Affected products include: Reg-Keygen-Git-Hash Project Reg-Keygen-Git-Hash.