CVE-2021-46101

EUVD-2021-32802
In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
gitforwindowsgit
𝑥
≤ 2.34.1
𝑥
= Vulnerable software versions
References
https://github.com/0xADY/git_rce
https://github.com/0xADY/git_rce