CVE-2024-21531

Summary

CVE-2024-21531 identifies a command injection vulnerability present in all versions of the git-shallow-clone package, stemming from inadequate sanitization of the process variable within the gitShallowClone function. Affected products include any implementations utilizing this package, which could allow malicious actors to execute arbitrary commands with low privileges through local access. The vulnerability has a medium severity rating, with a CVSS score of 5.3, indicating potential impacts on integrity and confidentiality, albeit at a low level. To remediate this issue, users are advised to update to patched versions that address the vulnerability by properly sanitizing input variables. Failure to act on this vulnerability could expose organizations to unauthorized command execution risks within their systems.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.