CVE-2021-32673
published 2021-06-08CVE-2021-32673: reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and…
PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.94%
77.6th percentile
reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| reg-keygen-git-hash_project | reg-keygen-git-hash | <= 0.10.15 | — |
| reg-viz | reg-suit | < 0.10.16 | 0.10.16 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Remote Command Execution in reg-keygen-git-hash-plugin
osv·2021-06-08
CVE-2021-32673 [HIGH] Remote Command Execution in reg-keygen-git-hash-plugin
Remote Command Execution in reg-keygen-git-hash-plugin
### Impact
`reg-keygen-git-hash-plugin` through 0.10.15 allow remote attackers to execute of arbitrary commands.
### Patches
Upgrade to version 0.10.16 or later.
### For more information
If you have any questions or comments about this advisory:
- Open an issue in [reg-viz/reg-suit](https://github.com/reg-viz/reg-suit)
GHSA
Remote Command Execution in reg-keygen-git-hash-plugin
ghsa·2021-06-08
CVE-2021-32673 [HIGH] CWE-78 Remote Command Execution in reg-keygen-git-hash-plugin
Remote Command Execution in reg-keygen-git-hash-plugin
### Impact
`reg-keygen-git-hash-plugin` through 0.10.15 allow remote attackers to execute of arbitrary commands.
### Patches
Upgrade to version 0.10.16 or later.
### For more information
If you have any questions or comments about this advisory:
- Open an issue in [reg-viz/reg-suit](https://github.com/reg-viz/reg-suit)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/reg-viz/reg-suit/commit/f84ad9c7a22144d6c147dc175c52756c0f444d87https://github.com/reg-viz/reg-suit/releases/tag/v0.10.16https://github.com/reg-viz/reg-suit/security/advisories/GHSA-49q3-8867-5wmphttps://www.npmjs.com/package/reg-keygen-git-hash-pluginhttps://github.com/reg-viz/reg-suit/commit/f84ad9c7a22144d6c147dc175c52756c0f444d87https://github.com/reg-viz/reg-suit/releases/tag/v0.10.16https://github.com/reg-viz/reg-suit/security/advisories/GHSA-49q3-8867-5wmphttps://www.npmjs.com/package/reg-keygen-git-hash-plugin
2021-06-08
Published