CVE-2021-28955: Uncontrolled Search Path Element

May 25, 2021

git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows).

References

github.com/MichaelMure/git-bug/pull/604
github.com/MichaelMure/git-bug/security/advisories/GHSA-m898-h4pm-pqfr
github.com/advisories/GHSA-m898-h4pm-pqfr
nvd.nist.gov/vuln/detail/CVE-2021-28955

Detect and mitigate CVE-2021-28955 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →