High severityNVD Advisory· Published Jun 8, 2021· Updated Aug 3, 2024
Remote Command Execution in reg-keygen-git-hash-plugin
CVE-2021-32673
Description
reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
reg-keygen-git-hash-pluginnpm | < 0.10.16 | 0.10.16 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-49q3-8867-5wmpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-32673ghsaADVISORY
- github.com/reg-viz/reg-suit/commit/f84ad9c7a22144d6c147dc175c52756c0f444d87ghsax_refsource_MISCWEB
- github.com/reg-viz/reg-suit/releases/tag/v0.10.16ghsax_refsource_MISCWEB
- github.com/reg-viz/reg-suit/security/advisories/GHSA-49q3-8867-5wmpghsax_refsource_CONFIRMWEB
- www.npmjs.com/package/reg-keygen-git-hash-pluginghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.