We found results for “”
WS-2022-0113
Good to know:
Date: February 15, 2022
On Windows, if git-sizer is run against a non-bare repository, and that repository has an executable called git.exe, git.bat, etc., then that executable might be run by git-sizer rather than the system git executable. An attacker could try to use social engineering to get a victim to run git-sizer against a hostile repository and thereby get the victim to run arbitrary code. On Linux or other Unix-derived platforms, a similar problem could occur if the user's PATH has the current directory before the path to the standard git executable, but this is would be a very unusual configuration that has been known for decades to lead to all kinds of security problems.
Language: Go
Severity Score
Severity Score
Weakness Type (CWE)
Untrusted Search Path
CWE-426Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | LOW |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |