CVE-2024-21533

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-88
View all →

Vulnerability Description

All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.

Related Vulnerabilities

CVE-2017-15694

MEDIUM
CVSS:6.5(Medium)

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could mo...

CWE-882017

CVE-2019-0764

MEDIUM
CVSS:6.5(Medium)

A tampering vulnerability exists when Microsoft browsers do not properly validate input under specific conditions, aka 'Microsoft Browsers Tampering Vulnerability'.

CWE-882019

CVE-2019-10800

MEDIUM
CVSS:6.5(Medium)

This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being being provided to the popen method.

CWE-882019

CVE-2020-5657

MEDIUM
CVSS:6.5(Medium)

Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interf...

CWE-882020

CVE-2021-1484

MEDIUM
CVSS:6.5(Medium)

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to inject arbitrary commands on an affected system and cause a denial of service (DoS)...

CWE-882021

CVE-2021-3256

MEDIUM
CVSS:6.5(Medium)

KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file.

CWE-882021