CVE-2024-21531

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-78
View all →

Vulnerability Description

All versions of the package git-shallow-clone are vulnerable to Command injection due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function.

Related Vulnerabilities

CVE-2017-3806

MEDIUM
CVSS:5.3(Medium)

A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject...

CWE-782017

CVE-2018-15726

MEDIUM
CVSS:5.3(Medium)

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability.

CWE-782018

CVE-2019-20807

MEDIUM
CVSS:5.3(Medium)

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

CWE-782019

CVE-2020-26294

MEDIUM
CVSS:5.3(Medium)

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server co...

CWE-782020

CVE-2020-3367

MEDIUM
CVSS:5.3(Medium)

A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command ...

CWE-782020

CVE-2021-30187

MEDIUM
CVSS:5.3(Medium)

CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command.

CWE-782021