CVE-2021-44685
Published 2021-12-07
Priority: P2 62, critical 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.47% (87.6th percentile)
Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name (which is not sanitized for execution).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| git-it_project | git-it | <= 4.4.0 | — |
CVSS provenance
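| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |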
GHSA
Command injection in git-it-electron
ghsa·2021-12-08
CVE-2021-44685 [CRITICAL] CWE-78 Command injection in git-it-electron
OSV
Command injection in git-it-electron
osv·2021-12-08
CVE-2021-44685 [CRITICAL] Command injection in git-it-electron
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-12-07
Published