{"vulnerability": "CVE-2021-21300", "sightings": [{"uuid": "d99dd2ca-fae4-41ed-a2b7-d19a773e8ca6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21300", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "5f370857-83e6-46a0-99c3-a4f9ad43e109", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21300", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:33.000000Z"}, {"uuid": "547ba9ed-3c3b-4872-aef8-8e8ec033154e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21300", "type": "published-proof-of-concept", "source": "https://t.me/cKure/6922", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0  Capture Credentials with our new SMB Server.\n\nMetasploit now captures NTLM hashes from any recent Windows release using SMBv2 and SMBv3, even with encrypted SMB traffic. Plus, twitter.com/chompie1337's eBPF exploit lands, along with modules for Git LFS and Geutebruck IP cameras.\n\nCVE-2021-21300\n\nhttps://www.rapid7.com/blog/post/2021/09/03/metasploit-wrap-up-128/", "creation_timestamp": "2021-09-03T19:25:13.000000Z"}, {"uuid": "03820306-5c14-496b-958a-9a6c1b9306a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21300", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/git_lfs_clone_command_exec.rb", "content": "", "creation_timestamp": "2021-08-26T17:36:06.000000Z"}, {"uuid": "af9ac1e8-12b7-436f-84b0-df08ac8ebbf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21300", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2911", "content": "#Analytics\n10 most exploited vulnerabilities of the week (march 8 - 14)\nCVE-2021-26855, CVE-2021-27065 - ProxyLogon MS Exchange Server RCE Vulnerability\nhttps://t.me/cybersecuritytechnologies/2835\nCVE-2021-1732 - Windows kernel 0-day exploit\nhttps://t.me/cybersecuritytechnologies/2679\nCVE-2021-22986, CVE-2021-22987 - F5 BIG-IP TMM uri_normalize_host infoleak and out-of-bounds write\nhttps://t.me/cybersecuritytechnologies/2881\nCVE-2021-21193 - Google Chrome Blink code execution\nhttps://vulmon.com/vulnerabilitydetails?qid=CVE-2021-21193\nCVE-2021-21978 - VMware View Planner\u00a0RCE\nhttps://mobile.twitter.com/osama_hroot/status/1367258907601698816\nhttps://paper.seebug.org/1495\nCVE-2021-21300 - Git vulnerability\nhttps://t.me/cybersecuritytechnologies/2880\nCVE-2021-26411 - IE mshtml use-after-free\nhttps://t.me/cybersecuritytechnologies/2908", "creation_timestamp": "2021-03-15T11:00:37.000000Z"}, {"uuid": "205d4cc1-005d-4eaa-9365-159fb4d220d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21300", "type": "published-proof-of-concept", "source": "Telegram/hHATm5Nrh3ANUywlk7hhmeghL00fcWV_qTKwSJpifsgQxYQ", "content": "", "creation_timestamp": "2025-10-29T03:00:06.000000Z"}, {"uuid": "e46402e1-3c1c-430f-93b9-ae2b29ab98f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21300", "type": "published-proof-of-concept", "source": "https://t.me/infobes/295", "content": "#Analytics\n10 most exploited vulnerabilities of the week (march 8 - 14)\nCVE-2021-26855, CVE-2021-27065 - ProxyLogon MS Exchange Server RCE Vulnerability\nhttps://t.me/cybersecuritytechnologies/2835\nCVE-2021-1732 - Windows kernel 0-day exploit\nhttps://t.me/cybersecuritytechnologies/2679\nCVE-2021-22986, CVE-2021-22987 - F5 BIG-IP TMM uri_normalize_host infoleak and out-of-bounds write\nhttps://t.me/cybersecuritytechnologies/2881\nCVE-2021-21193 - Google Chrome Blink code execution\nhttps://vulmon.com/vulnerabilitydetails?qid=CVE-2021-21193\nCVE-2021-21978 - VMware View Planner\u00a0RCE\nhttps://mobile.twitter.com/osama_hroot/status/1367258907601698816\nhttps://paper.seebug.org/1495\nCVE-2021-21300 - Git vulnerability\nhttps://t.me/cybersecuritytechnologies/2880\nCVE-2021-26411 - IE mshtml use-after-free\nhttps://t.me/cybersecuritytechnologies/2908", "creation_timestamp": "2021-03-15T04:50:46.000000Z"}, {"uuid": "669dd834-aa55-47b8-b429-a1ad4a20eaee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21300", "type": "seen", "source": "https://t.me/cibsecurity/24649", "content": "\u203c CVE-2021-21300 \u203c\n\nGit is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-09T22:51:58.000000Z"}, {"uuid": "66cb61a2-5755-4732-94ad-2bcf18c9e93f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21300", "type": "seen", "source": "https://t.me/pwnwiki_zhchannel/837", "content": "\u6700\u8fd1\u6dfb\u52a0\u6f0f\u6d1e\uff08\u5982\u679c\u60a8\u5728Team\u5167\u53ef\u76f4\u63a5\u67e5\u770b\uff09\uff1a\nBus Pass Management System 1.0 SQL\u6ce8\u5165\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=LFzbUi\nCVE-2021-21307 WinWaste.NET 1.0.6183.16475 \u672c\u5730\u6b0a\u9650\u63d0\u5347\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=K10VCw\nCVE-2020-7387&CVE-2020-7388 Sage X3 Administration Service \u8eab\u4efd\u9a57\u8b49\u7e5e\u904e&\u9060\u7a0b\u4ee3\u78bc\u57f7\u884c\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=b52hhB\nCVE-2021-34621 WordPress Plugin ProfilePress 3.1.3 \u6b0a\u9650\u63d0\u5347\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=k86vqZ\nCVE-2021-39271 BSCW Server \u9060\u7a0b\u4ee3\u78bc\u57f7\u884c\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=BDzTae\nCVE-2021-36359 BSCW Server XML\u6ce8\u5165\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=ENsAuJ\nCVE-2021-21300 Git LFS Clone \u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=SGwDct\nDyephotographic SQL\u6ce8\u5165\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=X7Hvce\nCVE-2020-6404 Google Chrome 80.0.3987.87 \u62d2\u7d55\u670d\u52d9\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=xzWCaC\nCVE-2019-19143 TP-Link TL-WR849N 0.9.1 4.16 \u8eab\u4efd\u9a57\u8b49\u7e5e\u904e\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=CPltjo\nCVE-2020-9038 Joplin Desktop 1.0.184 XSS\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=4ysOvF\nCVE-2020-5811 Umbraco CMS 8.9.1 \u76ee\u9304\u904d\u6b77&\u4efb\u610f\u6587\u4ef6\u5beb\u5165\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=jV0T9b\nCNVD-2021-35581 WPS For Linux RCE\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=hYL9m9", "creation_timestamp": "2021-09-21T04:41:55.000000Z"}, {"uuid": "390e8151-1088-40ce-a792-189930a7a62a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21300", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2880", "content": "#exploit\n1. CVE-2021-24091:\nOut-of-bounds write in WindowsCodecsRaw!COlympusE300LoadRaw\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2137\n\n2. CVE-2021-21300:\nGit vulnerability\nhttps://www.openwall.com/lists/oss-security/2021/03/09/3", "creation_timestamp": "2024-05-07T14:26:42.000000Z"}]}