CVE-2021-44685

Published: Dec 7, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name (which is not sanitized for execution).

Affected (1)

Products: Git It Project: Git It

Git It Project

1 product

Git It

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Git It Project Git It	Up to 4.4.0

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

https://github.com/dwisiswant0/advisory/issues/3

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/jlord/git-it-electron/releases

Source: cve@mitre.org

Release NotesThird Party Advisory

https://github.com/dwisiswant0/advisory/issues/3

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://github.com/jlord/git-it-electron/releases

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

Timeline

No history available yet.