CVE-2021-21300

CWE-599 documents9 sources

Severity

7.5HIGH

EPSS

61.9%

top 1.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Xcode Git-scm GIT GIT GIT +2 more

Timeline

PublishedMar 9

Latest updateNov 30

Description

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, a…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:NExploitability: 1.6 | Impact: 5.8

Affected Packages4 packages

▶NVDapple/xcode< 12.5

▶NVDgit-scm/git2.17.0 — 2.17.6+14

▶Debiangit< 1:2.30.2-1+3

▶CVEListV5git/git14 versions+13

Also affects: Debian Linux 10.0, Fedora 32, 33, 34

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2021-21300: Git is an open-source distributed revision control system↗2021-03-09

▶

CVEList

malicious repositories can execute remote code while cloning↗2021-03-09

▶

📋Vendor Advisories

Microsoft

Git for Visual Studio Remote Code Execution Vulnerability↗2021-03-09

▶

Red Hat

git: remote code execution during clone operation on case-insensitive filesystems↗2021-03-09

▶

Ubuntu

Git vulnerability↗2021-03-09

▶

Debian

CVE-2021-21300: git - Git is an open-source distributed revision control system. In affected versions ...↗2021

▶

📄Research Papers

arXiv

Unsafe at Any Copy: Name Collisions from Mixing Case Sensitivities↗2022-11-30

▶