CVE-2021-46101

In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
gitforwindowsgit
𝑥
≤ 2.34.1
𝑥
= Vulnerable software versions
References
https://github.com/0xADY/git_rce
https://github.com/0xADY/git_rce