CVE-2021-21300

Description

No description is available for this CVE.

Statement

This vulnerability affects case-insensitive file systems, so typical Linux deployments should be safe. However, according to upstream, exploitation is possible on Linux under certain circumstances.

Mitigation

If symbolic link support is disabled in Git (e.g. via git config --global core.symlinks false), the described attack won't work.
Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. before cloning), the attack is foiled.
As always, it is best to avoid cloning repositories from untrusted sources.
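The two preconditions named above (symbolic link support enabled and a clean/smudge filter configured globally) can be checked from the per-user Git configuration. The following script is an added example for this page, not code from the advisory or the Git project: it parses a Git config file with awk, reports whether core.symlinks is explicitly set to false and how many clean/smudge filter drivers are defined, and considers the configuration mitigated when either condition the text names holds. The sample config files and the function names are constructed for the demonstration; the two global config paths are the ones Git reads by default.

```shell
#!/bin/sh
# Added example, not from the advisory or the Git project: audit a Git config
# file for the two settings the mitigation text names (core.symlinks and
# globally configured clean/smudge filters). Works on a file so it runs
# offline; assess_global_config points it at the standard global config paths.

# Return 0 when the file explicitly sets core.symlinks = false.
# An unset value is NOT treated as disabled: Git then probes the filesystem
# and enables symlinks wherever they are supported.
symlinks_disabled() {
    awk '
        /^[ \t]*\[/ {                       # section header, e.g. [core]
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            section = tolower(section)
        }
        section == "core" &&
        tolower($0) ~ /^[ \t]*symlinks[ \t]*=[ \t]*false[ \t]*$/ { found = 1 }
        END { if (found) exit 0; exit 1 }
    ' "$1"
}

# Print the number of clean/smudge lines defined under any [filter "..."]
# section, e.g. the two lines Git LFS installs under [filter "lfs"].
count_filters() {
    awk '
        /^[ \t]*\[/ {
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            section = tolower(section)
        }
        section ~ /^filter[ \t]/ &&
        tolower($0) ~ /^[ \t]*(clean|smudge)[ \t]*=/ { n++ }
        END { print n + 0 }
    ' "$1"
}

# Print a one-line verdict and return 0 when the file is in a state the
# advisory describes as foiling the attack (symlinks disabled, or no
# clean/smudge filters configured), 1 when both preconditions are present.
assess_git_config() {
    file=$1
    if symlinks_disabled "$file"; then symlinks=off; else symlinks=on; fi
    filters=$(count_filters "$file")
    if [ "$symlinks" = off ] || [ "$filters" -eq 0 ]; then
        echo "$file: symlinks=$symlinks filters=$filters -> mitigated"
        return 0
    fi
    echo "$file: symlinks=$symlinks filters=$filters -> exposed"
    return 1
}

# Check the locations Git reads as the global (per-user) config; returns 1
# if any existing one is in the exposed state.
assess_global_config() {
    rc=0
    for f in "${XDG_CONFIG_HOME:-$HOME/.config}/git/config" "$HOME/.gitconfig"; do
        [ -f "$f" ] || continue
        assess_git_config "$f" || rc=1
    done
    return $rc
}

# Constructed sample configs for a demonstration run (not real user data).
SAMPLE_DIR=$(mktemp -d)
SAMPLE_EXPOSED=$SAMPLE_DIR/exposed.gitconfig   # LFS filters, symlinks left at default
SAMPLE_SAFE=$SAMPLE_DIR/safe.gitconfig         # same filters, but symlinks disabled
cat > "$SAMPLE_EXPOSED" <<'EOF'
[user]
	name = Example User
[filter "lfs"]
	clean = git-lfs clean -- %f
	smudge = git-lfs smudge -- %f
	required = true
EOF
cat > "$SAMPLE_SAFE" <<'EOF'
[core]
	symlinks = false
[filter "lfs"]
	clean = git-lfs clean -- %f
	smudge = git-lfs smudge -- %f
EOF

# Demonstration run against the constructed samples (the first verdict is
# "exposed", so its non-zero status is expected and ignored here).
assess_git_config "$SAMPLE_EXPOSED" || :
assess_git_config "$SAMPLE_SAFE"
```

Run `assess_global_config` on a workstation to audit the real per-user configuration; the parser only treats an explicit `symlinks = false` as disabled, since an absent key means Git decides per filesystem, which on the affected platforms leaves symlinks enabled.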

Additional Information

  • Bugzilla 1935158: CVE-2021-21300 git: remote code execution during clone operation on case-insensitive filesystems
  • CWE-59: Improper Link Resolution Before File Access ('Link Following')
  • FAQ: Frequently asked questions about CVE-2021-21300