Lucene search
HistoryFeb 26, 2021 - 5:00 p.m.
RCE via git-lfs in Sourcetree for Windows - CVE-2021-21237
rce vulnerability
sourcetree for windows
git-lfs
cve-2021-21237
incomplete fix
affected versions
download
latest version
security advisory.
EPSS
0.954
Percentile
99.4%
There was an argument injection vulnerability in SourceTree for Windows introduced through git-lfs. An attacker could create a malicious repository which, after being cloned in SourceTree for Windows and enabled with git-lfs, is able to exploit this issue to gain code execution on the system.Β This is the result of an incomplete fix for CVE-2020-27955
Affected versions:
- VersionΒ 3.4.2 and earlier
Fix
- You can download the latest version ofΒ the [standard installer|https://product-downloads.atlassian.com/software/sourcetree/windows/ga/SourceTreeSetup-3.3.9.exe] or the [enterprise installer|https://product-downloads.atlassian.com/software/sourcetree/windows/ga/SourcetreeEnterpriseSetup_3.3.9.msi].
For additional details, see the [full advisory|https://confluence.atlassian.com/display/SOURCETREEKB/SourceTree+for+Windows+Security+Advisory+24th+March+2021]
Related
osv
osv
BIT-git-lfs-2021-21237
2024-03-06 10:52:17
Git LFS can execute a Git binary from the current directory on Windows
2022-02-15 00:30:37
CVE-2021-21237
2021-01-15 18:15:15
atlassian
atlassian
RCE via git-lfs in Sourcetree for Windows - CVE-2021-21237
2021-02-26 17:00:21
RCE via git-lfs in Sourcetree for Windows - CVE-2020-27955
2021-01-07 17:07:10
RCE via git-lfs in Sourcetree for Windows - CVE-2020-27955
2021-01-07 17:07:10
cvelist
cvelist
CVE-2021-21237 Git LFS can execute a Git binary from the current directory on Windows
2021-01-15 17:36:09
CVE-2020-27955
2020-11-05 14:57:36
nvd
nvd
CVE-2021-21237
2021-01-15 18:15:15
CVE-2020-27955
2020-11-05 15:15:36
github
github
Git LFS can execute a Git binary from the current directory on Windows
2022-02-15 00:30:37
Git LFS can execute a Git binary from the current directory
2022-02-11 23:39:18
ubuntucve
ubuntucve
CVE-2021-21237
2021-01-15 00:00:00
CVE-2020-27955
2020-11-05 00:00:00
debiancve
debiancve
CVE-2021-21237
2021-01-15 18:15:15
CVE-2020-27955
2020-11-05 15:15:36
prion
prion
Directory traversal
2021-01-15 18:15:00
Remote code execution
2020-11-05 15:15:00
cve
cve
CVE-2021-21237
2021-01-15 18:15:15
CVE-2020-27955
2020-11-05 15:15:36
veracode
veracode
Arbitrary Code Execution
2024-02-06 08:32:19
Remote Code Execution (RCE)
2022-02-14 09:57:20
githubexploit
githubexploit
zdt
zdt
Git git-lfs Remote Code Execution Exploit
2021-09-17 00:00:00
git-lfs Remote Code Execution Exploit
2020-11-08 00:00:00
packetstorm
packetstorm
git-lfs Remote Code Execution
2020-11-06 00:00:00
Git git-lfs Remote Code Execution
2021-09-16 00:00:00
alpinelinux
alpinelinux
CVE-2020-27955
2020-11-05 15:15:36
checkpoint_advisories
checkpoint_advisories
Git LFS Remote Code Execution (CVE-2020-27955)
2020-11-28 00:00:00
metasploit
metasploit
Git Remote Code Execution via git-lfs (CVE-2020-27955)
2021-09-03 21:15:38
nessus
nessus
Photon OS 4.0: Git PHSA-2023-4.0-0426
2024-07-24 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-09-17 19:59:18
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0426
2023-07-13 00:00:00