CVE-2021-36753: Uncontrolled Search Path Element in sharkdp/bat
(updated )
bat on windows before 0.18.2 executes programs named less.exe from the current working directory. This can lead to unintended code execution.
References
- github.com/advisories/GHSA-p24j-h477-76q3
- github.com/sharkdp/bat
- github.com/sharkdp/bat/commit/bf2b2df9c9e218e35e5a38ce3d03cffb7c363956
- github.com/sharkdp/bat/pull/1724
- github.com/sharkdp/bat/releases/tag/v0.18.2
- nvd.nist.gov/vuln/detail/CVE-2021-36753
- rustsec.org/advisories/RUSTSEC-2021-0106.html
- vuln.ryotak.me/advisories/53
Code Behaviors & Features
Detect and mitigate CVE-2021-36753 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →