CVE-2021-46101
First published: Mon Jan 31 2022(Updated: )
In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Git for Windows | <=2.34.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Git for Windows vulnerability?
The vulnerability ID for this Git for Windows vulnerability is CVE-2021-46101.
What is the severity level of CVE-2021-46101?
The severity level of CVE-2021-46101 is high, with a severity value of 7.5.
How does CVE-2021-46101 affect Git for Windows?
CVE-2021-46101 affects Git for Windows versions up to and including 2.34.1.
What is the impact of CVE-2021-46101?
CVE-2021-46101 allows an attacker to run git.cmd directly on the local repository when using git pull to update.
Is there a fix available for CVE-2021-46101?
Yes, updating to version 2.34.2 or later of Git for Windows will fix CVE-2021-46101.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitforwindows
- canonical/git for windows
- version/git for windows/2.34.1