What is CVE-2021-21300?

CVE-2021-21300 is a vulnerability in Git that allows a specially crafted repository to execute arbitrary code.

What is the severity of CVE-2021-21300?

CVE-2021-21300 has a severity rating of 7.5 (high).

Which versions of Git are affected by CVE-2021-21300?

Git versions up to and including 2.14.2, and versions between 2.17.0 and 2.26.3 are affected by CVE-2021-21300.

How can I fix CVE-2021-21300?

To fix CVE-2021-21300, it is recommended to update Git to a version that is not affected by the vulnerability.

Where can I find more information about CVE-2021-21300?

You can find more information about CVE-2021-21300 in the references provided: [link1](https://support.apple.com/en-us/HT212320), [link2](http://packetstormsecurity.com/files/163978/Git-LFS-Clone-Command-Execution.html), [link3](http://seclists.org/fulldisclosure/2021/Apr/60).

Vulnerability/
CVE-2021-21300

high

CWE

9/3/2021

6/12/2022

CVE-2021-21300

First published: Tue Mar 09 2021(Updated: )

Git. This issue was addressed with improved checks.

Credit: an anonymous researcher security-advisories@github.com

Affected Software	Affected Version	How to fix
Apple Xcode	<12.5	12.5
Git-scm Git	<=2.14.2
Git-scm Git	>=2.17.0<2.17.6
Git-scm Git	>=2.18.0<2.18.5
Git-scm Git	>=2.19.0<2.19.6
Git-scm Git	>=2.20.0<2.20.5
Git-scm Git	>=2.21.0<2.21.4
Git-scm Git	>=2.22.0<2.22.5
Git-scm Git	>=2.24.0<2.24.4
Git-scm Git	>=2.25.0<2.25.5
Git-scm Git	>=2.26.0<2.26.3
Git-scm Git	>=2.29.0<2.29.3
Git-scm Git	>=2.30.0<2.30.2
Git-scm Git	=2.27.0
Git-scm Git	=2.28.0
Fedoraproject Fedora	=32
Fedoraproject Fedora	=33
Fedoraproject Fedora	=34
Apple Xcode	<12.5
Apple macOS	>=11.0
Debian Debian Linux	=10.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

HT212320

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2021-21300

Frequently Asked Questions

What is CVE-2021-21300?
CVE-2021-21300 is a vulnerability in Git that allows a specially crafted repository to execute arbitrary code.
What is the severity of CVE-2021-21300?
CVE-2021-21300 has a severity rating of 7.5 (high).
Which versions of Git are affected by CVE-2021-21300?
Git versions up to and including 2.14.2, and versions between 2.17.0 and 2.26.3 are affected by CVE-2021-21300.
How can I fix CVE-2021-21300?
To fix CVE-2021-21300, it is recommended to update Git to a version that is not affected by the vulnerability.
Where can I find more information about CVE-2021-21300?
You can find more information about CVE-2021-21300 in the references provided: [link1](https://support.apple.com/en-us/HT212320), [link2](http://packetstormsecurity.com/files/163978/Git-LFS-Clone-Command-Execution.html), [link3](http://seclists.org/fulldisclosure/2021/Apr/60).

collector/apple-support
collector/nvd-index
agent/severity
agent/weakness
agent/references
agent/author
agent/tags
agent/type
agent/description
agent/event
agent/last-modified-date
agent/remedy
agent/softwarecombine
agent/first-publish-date
vendor/apple
canonical/apple xcode
vendor/git-scm
canonical/git-scm git
version/git-scm git/2.14.2
version/git-scm git/2.17.0
version/git-scm git/2.18.0
version/git-scm git/2.19.0
version/git-scm git/2.20.0
version/git-scm git/2.21.0
version/git-scm git/2.22.0
version/git-scm git/2.23.0
version/git-scm git/2.24.0
version/git-scm git/2.25.0
version/git-scm git/2.26.0
version/git-scm git/2.29.0
version/git-scm git/2.30.0
version/git-scm git/2.27.0
version/git-scm git/2.28.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/32
version/fedoraproject fedora/33
version/fedoraproject fedora/34
canonical/apple macos
version/apple macos/11.0
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0