blob: b2b36763c50480c0327ba31b8cbdc437cffaa256 [file] [log] [blame]
module: github.com/git-lfs/git-lfs
package: github.com/git-lfs/git-lfs/commands
additional_packages:
- module: github.com/git-lfs/git-lfs
package: github.com/git-lfs/git-lfs/creds
symbols:
- AskPassCredentialHelper.getFromProgram
- commandCredentialHelper.Approve
versions:
- fixed: v1.5.1-0.20210113180018-fc664697ed2c
- module: github.com/git-lfs/git-lfs
package: github.com/git-lfs/git-lfs/lfs
symbols:
- pipeExtensions
versions:
- fixed: v1.5.1-0.20210113180018-fc664697ed2c
- module: github.com/git-lfs/git-lfs
package: github.com/git-lfs/git-lfs/lfshttp
symbols:
- sshAuthClient.Resolve
versions:
- fixed: v1.5.1-0.20210113180018-fc664697ed2c
versions:
- fixed: v1.5.1-0.20210113180018-fc664697ed2c
description: |
Due to the standard library behavior of exec.LookPath on Windows a number of methods may
result in arbitary code execution when cloning or operating on untrusted Git repositories.
published: 2021-04-14T12:00:00Z
cve: CVE-2021-21237
credit: "@Ry0taK"
symbols:
- PipeCommand
os:
- windows
links:
commit: https://github.com/git-lfs/git-lfs/commit/fc664697ed2c2081ee9633010de0a7f9debea72a
context:
- https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5