PT-2021-22417 · Unknown · Nbgitpuller
Minrk · Published 2021-08-25 · Updated 2022-10-25 · CVE-2021-39160
CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
nbgitpuller versions prior to 0.10.2
Description
Unsanitized input allows arbitrary code execution in the user's environment when the user visits a maliciously crafted link.
Recommendations
For versions prior to 0.10.2, upgrade to version 0.10.2 or downgrade to 0.8.x to resolve the issue.
There are no workarounds for users who cannot upgrade, other than upgrading to 0.10.2 or downgrading to 0.8.x.
Fix
Code Injection
OS Command Injection
Affected Products
Nbgitpuller