packages:
  - module: github.com/git-lfs/git-lfs
    package: github.com/git-lfs/git-lfs/commands
    symbols:
      - PipeCommand
    versions:
      - fixed: 1.5.1-0.20210113180018-fc664697ed2c
  - module: github.com/git-lfs/git-lfs
    package: github.com/git-lfs/git-lfs/creds
    symbols:
      - AskPassCredentialHelper.getFromProgram
      - commandCredentialHelper.Approve
    versions:
      - fixed: 1.5.1-0.20210113180018-fc664697ed2c
  - module: github.com/git-lfs/git-lfs
    package: github.com/git-lfs/git-lfs/lfs
    symbols:
      - pipeExtensions
    versions:
      - fixed: 1.5.1-0.20210113180018-fc664697ed2c
  - module: github.com/git-lfs/git-lfs
    package: github.com/git-lfs/git-lfs/lfshttp
    symbols:
      - sshAuthClient.Resolve
    versions:
      - fixed: 1.5.1-0.20210113180018-fc664697ed2c
description: |
    Due to the standard library behavior of exec.LookPath on Windows, a number of methods may
    result in arbitrary code execution when cloning or operating on untrusted Git repositories.
published: 2021-04-14T20:04:52Z
cves:
  - CVE-2021-21237
ghsas:
  - GHSA-cx3w-xqmc-84g5
credit: '@Ry0taK'
os:
  - windows
links:
    commit: https://github.com/git-lfs/git-lfs/commit/fc664697ed2c2081ee9633010de0a7f9debea72a
    context:
      - https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5