CVE-2021-44685
Command injection in git-it-electron
9.8
CRITICAL
CVSS 3.1
EPSS 2.0%
Description
Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name (which is not sanitized for execution).
How to fix CVE-2021-44685
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- —no fix listed
Is CVE-2021-44685 being exploited?
Low — EPSS is 2.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, <= 4.3.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |