Lucene search
GoogleOSV:CVE-2021-21237HistoryJan 15, 2021 - 6:15 p.m.
CVE-2021-21237
2021-01-1518:15:15
Google
osv.dev
15
git lfs
malicious repository
code execution
windows
cve-2021-21237
incomplete fix
go
v2.13.2
security issue
large files
git
Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. This is the result of an incomplete fix for CVE-2020-27955. This issue occurs because on Windows, Go includes (and prefers) the current directory when the name of a command run does not contain a directory separator. Other than avoiding untrusted repositories or using a different operating system, there is no workaround. This is fixed in v2.13.2.
Related
atlassian
atlassian
RCE via git-lfs in Sourcetree for Windows - CVE-2021-21237
2021-02-26 17:00:21
RCE via git-lfs in Sourcetree for Windows - CVE-2020-27955
2021-01-07 17:07:10
RCE via git-lfs in Sourcetree for Windows - CVE-2021-21237
2021-02-26 17:00:21
osv
osv
BIT-git-lfs-2021-21237
2024-03-06 10:52:17
Git LFS can execute a Git binary from the current directory on Windows
2022-02-15 00:30:37
Arbitrary code execution on Windows in github.com/git-lfs/git-lfs
2021-04-14 20:04:52
ubuntucve
ubuntucve
CVE-2021-21237
2021-01-15 00:00:00
CVE-2020-27955
2020-11-05 00:00:00
cvelist
cvelist
CVE-2021-21237 Git LFS can execute a Git binary from the current directory on Windows
2021-01-15 17:36:09
CVE-2020-27955
2020-11-05 14:57:36
nvd
nvd
CVE-2021-21237
2021-01-15 18:15:15
CVE-2020-27955
2020-11-05 15:15:36
github
github
Git LFS can execute a Git binary from the current directory on Windows
2022-02-15 00:30:37
Git LFS can execute a Git binary from the current directory
2022-02-11 23:39:18
debiancve
debiancve
CVE-2021-21237
2021-01-15 18:15:15
CVE-2020-27955
2020-11-05 15:15:36
prion
prion
Directory traversal
2021-01-15 18:15:00
Remote code execution
2020-11-05 15:15:00
cve
cve
CVE-2021-21237
2021-01-15 18:15:15
CVE-2020-27955
2020-11-05 15:15:36
githubexploit
githubexploit
veracode
veracode
Arbitrary Code Execution
2024-02-06 08:32:19
Remote Code Execution (RCE)
2022-02-14 09:57:20
zdt
zdt
Git git-lfs Remote Code Execution Exploit
2021-09-17 00:00:00
git-lfs Remote Code Execution Exploit
2020-11-08 00:00:00
packetstorm
packetstorm
git-lfs Remote Code Execution
2020-11-06 00:00:00
Git git-lfs Remote Code Execution
2021-09-16 00:00:00
metasploit
metasploit
Git Remote Code Execution via git-lfs (CVE-2020-27955)
2021-09-03 21:15:38
alpinelinux
alpinelinux
CVE-2020-27955
2020-11-05 15:15:36
checkpoint_advisories
checkpoint_advisories
Git LFS Remote Code Execution (CVE-2020-27955)
2020-11-28 00:00:00
nessus
nessus
Photon OS 4.0: Git PHSA-2023-4.0-0426
2024-07-24 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-09-17 19:59:18
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0426
2023-07-13 00:00:00