Headline
CVE-2021-32673: Build software better, together
reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue.
Remote Command Execution in reg-keygen-git-hash-plugin
High
Quramy published GHSA-49q3-8867-5wmp
Jun 8, 2021
Package
npm reg-keygen-git-hash-plugin ( npm )
Affected versions
<0.10.16
Description
Impact
reg-keygen-git-hash-plugin through 0.10.15 allow remote attackers to execute of arbitrary commands.
Patches
Upgrade to version 0.10.16 or later.
For more information
If you have any questions or comments about this advisory:
- Open an issue in reg-viz/reg-suit
Severity
CVSS base metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
Weaknesses