CVE-2021-28954

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-28954

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-28954.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-28954

Published

2021-03-21T05:15:13.290Z

Modified

2025-11-14T11:36:32.193698Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository.

References

Affected packages

Git / github.com/chriswalz/bit

Affected ranges

Type: GIT
Repo: https://github.com/chriswalz/bit
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6cb6e95d234c2d0ff256ada302e666903534cc91

Affected versions

'0.*

'0.3.4'

'0.3.5'

0.*

0.2.4

0.3.4

0.3.6

v0.*

v0.1-beta

v0.2.0

v0.2.1

v0.2.2

v0.2.3

v0.2.4

v0.3.1

v0.3.10

v0.3.11

v0.3.12

v0.3.13

v0.3.14

v0.3.15

v0.3.2

v0.3.26

v0.3.3

v0.3.7

v0.3.8

v0.3.9

v0.4.0

v0.4.1

v0.4.10

v0.4.11

v0.4.12

v0.4.14

v0.4.15

v0.4.16

v0.4.17

v0.4.18

v0.4.19

v0.4.2

v0.4.20

v0.4.3

v0.4.4

v0.4.5

v0.4.6

v0.4.7

v0.4.8

v0.4.9

v0.5.1

v0.5.10

v0.5.11

v0.5.12

v0.5.13

v0.5.14

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.6

v0.5.7

v0.5.8

v0.5.9

v0.6.0

v0.6.1

v0.6.10

v0.6.11

v0.6.12

v0.6.13

v0.6.14

v0.6.15

v0.6.16

v0.6.17

v0.6.2

v0.6.5

v0.6.6

v0.6.7

v0.6.8

v0.6.9

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.7.5

v0.7.6

v0.7.7

v0.8.0

v0.8.1

v0.8.10

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.9

v0.9.0

v0.9.1

v0.9.10

v0.9.11

v0.9.12

v0.9.13

v0.9.14

v0.9.15

v0.9.16

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v0.9.7

v0.9.8

v0.9.9

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-28954.json"