CVE-2021-32673 HIGH

CVE-2021-32673: Remote Command Execution in reg-keygen-git-hash-plugin

Vendor Reg-Viz
Product reg-suit
Weakness CWE-94 · Code injection
Published June 8, 2021
Last update August 3, 2024

CVSS base score

8.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

What the vulnerability does

01Description

reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue.

Key dates

02Disclosure timeline

June 8, 2021 CVE published
August 3, 2024 Record updated