CVE-2024-21533 MEDIUM

Vendor N/A
Product ggit
Weakness CWE-88
Published October 8, 2024
Last update March 21, 2026

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P

What the vulnerability does

01 Description

All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize user input or validate the scheme of a given URL, nor does it separate command-line flags from positional arguments when invoking the git binary by using the POSIX double dash (--) that signals the end of options.
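
The three missing controls named in the description (input checks, scheme validation, and the `--` separator), shown as an added example that is not ggit's own code. The names `safeCloneArgs`, `safeClone` and `ALLOWED_SCHEMES` are hypothetical, and the scheme allowlist is an assumed policy.

```javascript
// Added example: hardened argument construction for a git clone wrapper.
// All names here are hypothetical; none of this is part of ggit.

const ALLOWED_SCHEMES = new Set(['https:', 'ssh:']); // assumed policy

function safeCloneArgs(url, dest) {
  for (const [name, value] of [['url', url], ['dest', dest]]) {
    if (typeof value !== 'string' || value.length === 0) {
      throw new TypeError(`${name} must be a non-empty string`);
    }
    // Defence in depth: refuse option-like values even though "--" follows.
    if (value.startsWith('-')) {
      throw new Error(`${name} must not start with "-"`);
    }
  }

  let parsed;
  try {
    parsed = new URL(url); // rejects anything that is not an absolute URL
  } catch {
    throw new Error('url is not a valid absolute URL');
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    throw new Error(`scheme ${parsed.protocol} is not allowed`);
  }

  // "--" marks the end of options: git treats everything after it
  // as positional arguments, never as flags.
  return ['clone', '--', url, dest];
}

function safeClone(url, dest, callback) {
  // execFile takes an argv array and spawns git directly, so no shell
  // ever re-parses the caller-supplied values.
  const { execFile } = require('node:child_process');
  return execFile('git', safeCloneArgs(url, dest), callback);
}
```
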

Key dates

02 Disclosure timeline

October 8, 2024 CVE published
March 21, 2026 Record updated