First published: Tue Mar 09 2021
Git. This issue was addressed with improved checks.
Credit: an anonymous researcher security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Xcode | <12.5 | 12.5 |
Git-scm Git | <=2.14.2 | |
Git-scm Git | >=2.17.0<2.17.6 | |
Git-scm Git | >=2.18.0<2.18.5 | |
Git-scm Git | >=2.19.0<2.19.6 | |
Git-scm Git | >=2.20.0<2.20.5 | |
Git-scm Git | >=2.21.0<2.21.4 | |
Git-scm Git | >=2.22.0<2.22.5 | |
Git-scm Git | >=2.24.0<2.24.4 | |
Git-scm Git | >=2.25.0<2.25.5 | |
Git-scm Git | >=2.26.0<2.26.3 | |
Git-scm Git | >=2.29.0<2.29.3 | |
Git-scm Git | >=2.30.0<2.30.2 | |
Git-scm Git | =2.27.0 | |
Git-scm Git | =2.28.0 | |
Fedoraproject Fedora | =32 | |
Fedoraproject Fedora | =33 | |
Fedoraproject Fedora | =34 | |
Apple Xcode | <12.5 | |
Apple macOS | >=11.0 | |
Debian Debian Linux | =10.0 | |
CVE-2021-21300 is a vulnerability in Git that allows a specially crafted repository to execute arbitrary code.
CVE-2021-21300 has a severity rating of 7.5 (high).
Git versions up to and including 2.14.2, and versions between 2.17.0 and 2.26.3, are affected by CVE-2021-21300.
To fix CVE-2021-21300, update Git to a version that is not affected by the vulnerability.
You can find more information about CVE-2021-21300 in the references provided: [Apple support article HT212320](https://support.apple.com/en-us/HT212320), [Packet Storm: Git LFS Clone Command Execution](http://packetstormsecurity.com/files/163978/Git-LFS-Clone-Command-Execution.html), [Full Disclosure mailing list, 2021/Apr/60](http://seclists.org/fulldisclosure/2021/Apr/60).