PT-2021-17997 · Unknown · Chris Walz Bit

Ryotak

Published

2021-03-21

Updated

2022-05-20

CVE-2021-28954

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Chris Walz bit version 1.0.4 and earlier

Description: Attackers can run arbitrary code via a .exe file in a crafted repository. This issue affects Chris Walz bit on Windows, allowing for the execution of arbitrary code.

Recommendations: For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted repositories to minimize the risk of exploitation.

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2021-28954

Affected Products

Chris Walz Bit

PT-2021-17997 · Unknown · Chris Walz Bit

CVE-2021-28954

Weakness Enumeration

Related Identifiers

Affected Products

References · 8