reports/GO-2021-0098.toml - vulndb - Git at Google

 module = "github.com/git-lfs/git-lfs"
 package = "github.com/git-lfs/git-lfs/commands"

 description = """
 Due to the standard library behavior of exec.LookPath on Windows a number of methods may
 result in arbitary code execution when cloning or operating on untrusted Git repositories.
 """

 os = ["windows"]

 cve = "CVE-2021-21237"

 credit = "@Ry0taK"

 symbols = ["PipeCommand"]

 published = "2021-04-14T12:00:00Z"

 [[versions]]
 fixed = "v1.5.1-0.20210113180018-fc664697ed2c"

 [[additional_packages]]
 module = "github.com/git-lfs/git-lfs"
 package = "github.com/git-lfs/git-lfs/creds"
 symbols = ["AskPassCredentialHelper.getFromProgram", "commandCredentialHelper.Approve"]
 [[additional_packages.versions]]
 fixed = "v1.5.1-0.20210113180018-fc664697ed2c"

 [[additional_packages]]
 module = "github.com/git-lfs/git-lfs"
 package = "github.com/git-lfs/git-lfs/lfs"
 symbols = ["pipeExtensions"]
 [[additional_packages.versions]]
 fixed = "v1.5.1-0.20210113180018-fc664697ed2c"

 [[additional_packages]]
 module = "github.com/git-lfs/git-lfs"
 package = "github.com/git-lfs/git-lfs/lfshttp"
 symbols = ["sshAuthClient.Resolve"]
 [[additional_packages.versions]]
 fixed = "v1.5.1-0.20210113180018-fc664697ed2c"

 [links]
 commit = "https://github.com/git-lfs/git-lfs/commit/fc664697ed2c2081ee9633010de0a7f9debea72a"
 context = ["https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5"]
	module = "github.com/git-lfs/git-lfs"
	package = "github.com/git-lfs/git-lfs/commands"

	description = """
	Due to the standard library behavior of exec.LookPath on Windows a number of methods may
	result in arbitary code execution when cloning or operating on untrusted Git repositories.
	"""

	os = ["windows"]

	cve = "CVE-2021-21237"

	credit = "@Ry0taK"

	symbols = ["PipeCommand"]

	published = "2021-04-14T12:00:00Z"

	[[versions]]
	fixed = "v1.5.1-0.20210113180018-fc664697ed2c"

	[[additional_packages]]
	module = "github.com/git-lfs/git-lfs"
	package = "github.com/git-lfs/git-lfs/creds"
	symbols = ["AskPassCredentialHelper.getFromProgram", "commandCredentialHelper.Approve"]
	[[additional_packages.versions]]
	fixed = "v1.5.1-0.20210113180018-fc664697ed2c"

	[[additional_packages]]
	module = "github.com/git-lfs/git-lfs"
	package = "github.com/git-lfs/git-lfs/lfs"
	symbols = ["pipeExtensions"]
	[[additional_packages.versions]]
	fixed = "v1.5.1-0.20210113180018-fc664697ed2c"

	[[additional_packages]]
	module = "github.com/git-lfs/git-lfs"
	package = "github.com/git-lfs/git-lfs/lfshttp"
	symbols = ["sshAuthClient.Resolve"]
	[[additional_packages.versions]]
	fixed = "v1.5.1-0.20210113180018-fc664697ed2c"

	[links]
	commit = "https://github.com/git-lfs/git-lfs/commit/fc664697ed2c2081ee9633010de0a7f9debea72a"
	context = ["https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5"]