csaf_opensuse - opensuse-su-2021:0405-1

Vulnerability from csaf_opensuse

Published

2021-03-14 14:08

Modified

2021-03-14 14:08

Summary

Security update for git

Notes

Title of the patch

Security update for git

Description of the patch

This update for git fixes the following issues: - On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could be fooled into running remote code during a clone. (bsc#1183026, CVE-2021-21300) This update was imported from the SUSE:SLE-15:Update update project.

Patchnames

openSUSE-2021-405

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "important",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "Security update for git",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "This update for git fixes the following issues:\n\n- On case-insensitive filesystems, with support for symbolic links,\n  if Git is configured globally to apply delay-capable clean/smudge\n  filters (such as Git LFS), Git could be fooled into running\n  remote code during a clone. (bsc#1183026, CVE-2021-21300)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "openSUSE-2021-405",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0405-1.json",
         },
         {
            category: "self",
            summary: "URL for openSUSE-SU-2021:0405-1",
            url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/33ZBSRS6RUAL5LAGWR6DDONQJXFU6FIT/",
         },
         {
            category: "self",
            summary: "E-Mail link for openSUSE-SU-2021:0405-1",
            url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/33ZBSRS6RUAL5LAGWR6DDONQJXFU6FIT/",
         },
         {
            category: "self",
            summary: "SUSE Bug 1183026",
            url: "https://bugzilla.suse.com/1183026",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2021-21300 page",
            url: "https://www.suse.com/security/cve/CVE-2021-21300/",
         },
      ],
      title: "Security update for git",
      tracking: {
         current_release_date: "2021-03-14T14:08:26Z",
         generator: {
            date: "2021-03-14T14:08:26Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "openSUSE-SU-2021:0405-1",
         initial_release_date: "2021-03-14T14:08:26Z",
         revision_history: [
            {
               date: "2021-03-14T14:08:26Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "git-2.26.2-lp152.2.6.1.i586",
                        product: {
                           name: "git-2.26.2-lp152.2.6.1.i586",
                           product_id: "git-2.26.2-lp152.2.6.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-arch-2.26.2-lp152.2.6.1.i586",
                        product: {
                           name: "git-arch-2.26.2-lp152.2.6.1.i586",
                           product_id: "git-arch-2.26.2-lp152.2.6.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-core-2.26.2-lp152.2.6.1.i586",
                        product: {
                           name: "git-core-2.26.2-lp152.2.6.1.i586",
                           product_id: "git-core-2.26.2-lp152.2.6.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-credential-gnome-keyring-2.26.2-lp152.2.6.1.i586",
                        product: {
                           name: "git-credential-gnome-keyring-2.26.2-lp152.2.6.1.i586",
                           product_id: "git-credential-gnome-keyring-2.26.2-lp152.2.6.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-credential-libsecret-2.26.2-lp152.2.6.1.i586",
                        product: {
                           name: "git-credential-libsecret-2.26.2-lp152.2.6.1.i586",
                           product_id: "git-credential-libsecret-2.26.2-lp152.2.6.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-cvs-2.26.2-lp152.2.6.1.i586",
                        product: {
                           name: "git-cvs-2.26.2-lp152.2.6.1.i586",
                           product_id: "git-cvs-2.26.2-lp152.2.6.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-daemon-2.26.2-lp152.2.6.1.i586",
                        product: {
                           name: "git-daemon-2.26.2-lp152.2.6.1.i586",
                           product_id: "git-daemon-2.26.2-lp152.2.6.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-email-2.26.2-lp152.2.6.1.i586",
                        product: {
                           name: "git-email-2.26.2-lp152.2.6.1.i586",
                           product_id: "git-email-2.26.2-lp152.2.6.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-gui-2.26.2-lp152.2.6.1.i586",
                        product: {
                           name: "git-gui-2.26.2-lp152.2.6.1.i586",
                           product_id: "git-gui-2.26.2-lp152.2.6.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-p4-2.26.2-lp152.2.6.1.i586",
                        product: {
                           name: "git-p4-2.26.2-lp152.2.6.1.i586",
                           product_id: "git-p4-2.26.2-lp152.2.6.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-svn-2.26.2-lp152.2.6.1.i586",
                        product: {
                           name: "git-svn-2.26.2-lp152.2.6.1.i586",
                           product_id: "git-svn-2.26.2-lp152.2.6.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-web-2.26.2-lp152.2.6.1.i586",
                        product: {
                           name: "git-web-2.26.2-lp152.2.6.1.i586",
                           product_id: "git-web-2.26.2-lp152.2.6.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "gitk-2.26.2-lp152.2.6.1.i586",
                        product: {
                           name: "gitk-2.26.2-lp152.2.6.1.i586",
                           product_id: "gitk-2.26.2-lp152.2.6.1.i586",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "i586",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "git-doc-2.26.2-lp152.2.6.1.noarch",
                        product: {
                           name: "git-doc-2.26.2-lp152.2.6.1.noarch",
                           product_id: "git-doc-2.26.2-lp152.2.6.1.noarch",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "noarch",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "git-2.26.2-lp152.2.6.1.x86_64",
                        product: {
                           name: "git-2.26.2-lp152.2.6.1.x86_64",
                           product_id: "git-2.26.2-lp152.2.6.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-arch-2.26.2-lp152.2.6.1.x86_64",
                        product: {
                           name: "git-arch-2.26.2-lp152.2.6.1.x86_64",
                           product_id: "git-arch-2.26.2-lp152.2.6.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-core-2.26.2-lp152.2.6.1.x86_64",
                        product: {
                           name: "git-core-2.26.2-lp152.2.6.1.x86_64",
                           product_id: "git-core-2.26.2-lp152.2.6.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-credential-gnome-keyring-2.26.2-lp152.2.6.1.x86_64",
                        product: {
                           name: "git-credential-gnome-keyring-2.26.2-lp152.2.6.1.x86_64",
                           product_id: "git-credential-gnome-keyring-2.26.2-lp152.2.6.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-credential-libsecret-2.26.2-lp152.2.6.1.x86_64",
                        product: {
                           name: "git-credential-libsecret-2.26.2-lp152.2.6.1.x86_64",
                           product_id: "git-credential-libsecret-2.26.2-lp152.2.6.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-cvs-2.26.2-lp152.2.6.1.x86_64",
                        product: {
                           name: "git-cvs-2.26.2-lp152.2.6.1.x86_64",
                           product_id: "git-cvs-2.26.2-lp152.2.6.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-daemon-2.26.2-lp152.2.6.1.x86_64",
                        product: {
                           name: "git-daemon-2.26.2-lp152.2.6.1.x86_64",
                           product_id: "git-daemon-2.26.2-lp152.2.6.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-email-2.26.2-lp152.2.6.1.x86_64",
                        product: {
                           name: "git-email-2.26.2-lp152.2.6.1.x86_64",
                           product_id: "git-email-2.26.2-lp152.2.6.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-gui-2.26.2-lp152.2.6.1.x86_64",
                        product: {
                           name: "git-gui-2.26.2-lp152.2.6.1.x86_64",
                           product_id: "git-gui-2.26.2-lp152.2.6.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-p4-2.26.2-lp152.2.6.1.x86_64",
                        product: {
                           name: "git-p4-2.26.2-lp152.2.6.1.x86_64",
                           product_id: "git-p4-2.26.2-lp152.2.6.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-svn-2.26.2-lp152.2.6.1.x86_64",
                        product: {
                           name: "git-svn-2.26.2-lp152.2.6.1.x86_64",
                           product_id: "git-svn-2.26.2-lp152.2.6.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "git-web-2.26.2-lp152.2.6.1.x86_64",
                        product: {
                           name: "git-web-2.26.2-lp152.2.6.1.x86_64",
                           product_id: "git-web-2.26.2-lp152.2.6.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "gitk-2.26.2-lp152.2.6.1.x86_64",
                        product: {
                           name: "gitk-2.26.2-lp152.2.6.1.x86_64",
                           product_id: "gitk-2.26.2-lp152.2.6.1.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "openSUSE Leap 15.2",
                        product: {
                           name: "openSUSE Leap 15.2",
                           product_id: "openSUSE Leap 15.2",
                           product_identification_helper: {
                              cpe: "cpe:/o:opensuse:leap:15.2",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-2.26.2-lp152.2.6.1.i586 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-2.26.2-lp152.2.6.1.i586",
            },
            product_reference: "git-2.26.2-lp152.2.6.1.i586",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-2.26.2-lp152.2.6.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-2.26.2-lp152.2.6.1.x86_64",
            },
            product_reference: "git-2.26.2-lp152.2.6.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-arch-2.26.2-lp152.2.6.1.i586 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-arch-2.26.2-lp152.2.6.1.i586",
            },
            product_reference: "git-arch-2.26.2-lp152.2.6.1.i586",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-arch-2.26.2-lp152.2.6.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-arch-2.26.2-lp152.2.6.1.x86_64",
            },
            product_reference: "git-arch-2.26.2-lp152.2.6.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-core-2.26.2-lp152.2.6.1.i586 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-core-2.26.2-lp152.2.6.1.i586",
            },
            product_reference: "git-core-2.26.2-lp152.2.6.1.i586",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-core-2.26.2-lp152.2.6.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-core-2.26.2-lp152.2.6.1.x86_64",
            },
            product_reference: "git-core-2.26.2-lp152.2.6.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-credential-gnome-keyring-2.26.2-lp152.2.6.1.i586 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-credential-gnome-keyring-2.26.2-lp152.2.6.1.i586",
            },
            product_reference: "git-credential-gnome-keyring-2.26.2-lp152.2.6.1.i586",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-credential-gnome-keyring-2.26.2-lp152.2.6.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-credential-gnome-keyring-2.26.2-lp152.2.6.1.x86_64",
            },
            product_reference: "git-credential-gnome-keyring-2.26.2-lp152.2.6.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-credential-libsecret-2.26.2-lp152.2.6.1.i586 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-credential-libsecret-2.26.2-lp152.2.6.1.i586",
            },
            product_reference: "git-credential-libsecret-2.26.2-lp152.2.6.1.i586",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-credential-libsecret-2.26.2-lp152.2.6.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-credential-libsecret-2.26.2-lp152.2.6.1.x86_64",
            },
            product_reference: "git-credential-libsecret-2.26.2-lp152.2.6.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-cvs-2.26.2-lp152.2.6.1.i586 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-cvs-2.26.2-lp152.2.6.1.i586",
            },
            product_reference: "git-cvs-2.26.2-lp152.2.6.1.i586",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-cvs-2.26.2-lp152.2.6.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-cvs-2.26.2-lp152.2.6.1.x86_64",
            },
            product_reference: "git-cvs-2.26.2-lp152.2.6.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-daemon-2.26.2-lp152.2.6.1.i586 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-daemon-2.26.2-lp152.2.6.1.i586",
            },
            product_reference: "git-daemon-2.26.2-lp152.2.6.1.i586",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-daemon-2.26.2-lp152.2.6.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-daemon-2.26.2-lp152.2.6.1.x86_64",
            },
            product_reference: "git-daemon-2.26.2-lp152.2.6.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-doc-2.26.2-lp152.2.6.1.noarch as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-doc-2.26.2-lp152.2.6.1.noarch",
            },
            product_reference: "git-doc-2.26.2-lp152.2.6.1.noarch",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-email-2.26.2-lp152.2.6.1.i586 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-email-2.26.2-lp152.2.6.1.i586",
            },
            product_reference: "git-email-2.26.2-lp152.2.6.1.i586",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-email-2.26.2-lp152.2.6.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-email-2.26.2-lp152.2.6.1.x86_64",
            },
            product_reference: "git-email-2.26.2-lp152.2.6.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-gui-2.26.2-lp152.2.6.1.i586 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-gui-2.26.2-lp152.2.6.1.i586",
            },
            product_reference: "git-gui-2.26.2-lp152.2.6.1.i586",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-gui-2.26.2-lp152.2.6.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-gui-2.26.2-lp152.2.6.1.x86_64",
            },
            product_reference: "git-gui-2.26.2-lp152.2.6.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-p4-2.26.2-lp152.2.6.1.i586 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-p4-2.26.2-lp152.2.6.1.i586",
            },
            product_reference: "git-p4-2.26.2-lp152.2.6.1.i586",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-p4-2.26.2-lp152.2.6.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-p4-2.26.2-lp152.2.6.1.x86_64",
            },
            product_reference: "git-p4-2.26.2-lp152.2.6.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-svn-2.26.2-lp152.2.6.1.i586 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-svn-2.26.2-lp152.2.6.1.i586",
            },
            product_reference: "git-svn-2.26.2-lp152.2.6.1.i586",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-svn-2.26.2-lp152.2.6.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-svn-2.26.2-lp152.2.6.1.x86_64",
            },
            product_reference: "git-svn-2.26.2-lp152.2.6.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-web-2.26.2-lp152.2.6.1.i586 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-web-2.26.2-lp152.2.6.1.i586",
            },
            product_reference: "git-web-2.26.2-lp152.2.6.1.i586",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "git-web-2.26.2-lp152.2.6.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:git-web-2.26.2-lp152.2.6.1.x86_64",
            },
            product_reference: "git-web-2.26.2-lp152.2.6.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "gitk-2.26.2-lp152.2.6.1.i586 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:gitk-2.26.2-lp152.2.6.1.i586",
            },
            product_reference: "gitk-2.26.2-lp152.2.6.1.i586",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "gitk-2.26.2-lp152.2.6.1.x86_64 as component of openSUSE Leap 15.2",
               product_id: "openSUSE Leap 15.2:gitk-2.26.2-lp152.2.6.1.x86_64",
            },
            product_reference: "gitk-2.26.2-lp152.2.6.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.2",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2021-21300",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2021-21300",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Leap 15.2:git-2.26.2-lp152.2.6.1.i586",
               "openSUSE Leap 15.2:git-2.26.2-lp152.2.6.1.x86_64",
               "openSUSE Leap 15.2:git-arch-2.26.2-lp152.2.6.1.i586",
               "openSUSE Leap 15.2:git-arch-2.26.2-lp152.2.6.1.x86_64",
               "openSUSE Leap 15.2:git-core-2.26.2-lp152.2.6.1.i586",
               "openSUSE Leap 15.2:git-core-2.26.2-lp152.2.6.1.x86_64",
               "openSUSE Leap 15.2:git-credential-gnome-keyring-2.26.2-lp152.2.6.1.i586",
               "openSUSE Leap 15.2:git-credential-gnome-keyring-2.26.2-lp152.2.6.1.x86_64",
               "openSUSE Leap 15.2:git-credential-libsecret-2.26.2-lp152.2.6.1.i586",
               "openSUSE Leap 15.2:git-credential-libsecret-2.26.2-lp152.2.6.1.x86_64",
               "openSUSE Leap 15.2:git-cvs-2.26.2-lp152.2.6.1.i586",
               "openSUSE Leap 15.2:git-cvs-2.26.2-lp152.2.6.1.x86_64",
               "openSUSE Leap 15.2:git-daemon-2.26.2-lp152.2.6.1.i586",
               "openSUSE Leap 15.2:git-daemon-2.26.2-lp152.2.6.1.x86_64",
               "openSUSE Leap 15.2:git-doc-2.26.2-lp152.2.6.1.noarch",
               "openSUSE Leap 15.2:git-email-2.26.2-lp152.2.6.1.i586",
               "openSUSE Leap 15.2:git-email-2.26.2-lp152.2.6.1.x86_64",
               "openSUSE Leap 15.2:git-gui-2.26.2-lp152.2.6.1.i586",
               "openSUSE Leap 15.2:git-gui-2.26.2-lp152.2.6.1.x86_64",
               "openSUSE Leap 15.2:git-p4-2.26.2-lp152.2.6.1.i586",
               "openSUSE Leap 15.2:git-p4-2.26.2-lp152.2.6.1.x86_64",
               "openSUSE Leap 15.2:git-svn-2.26.2-lp152.2.6.1.i586",
               "openSUSE Leap 15.2:git-svn-2.26.2-lp152.2.6.1.x86_64",
               "openSUSE Leap 15.2:git-web-2.26.2-lp152.2.6.1.i586",
               "openSUSE Leap 15.2:git-web-2.26.2-lp152.2.6.1.x86_64",
               "openSUSE Leap 15.2:gitk-2.26.2-lp152.2.6.1.i586",
               "openSUSE Leap 15.2:gitk-2.26.2-lp152.2.6.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2021-21300",
               url: "https://www.suse.com/security/cve/CVE-2021-21300",
            },
            {
               category: "external",
               summary: "SUSE Bug 1183026 for CVE-2021-21300",
               url: "https://bugzilla.suse.com/1183026",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Leap 15.2:git-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-arch-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-arch-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-core-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-core-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-credential-gnome-keyring-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-credential-gnome-keyring-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-credential-libsecret-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-credential-libsecret-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-cvs-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-cvs-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-daemon-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-daemon-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-doc-2.26.2-lp152.2.6.1.noarch",
                  "openSUSE Leap 15.2:git-email-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-email-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-gui-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-gui-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-p4-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-p4-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-svn-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-svn-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-web-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-web-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:gitk-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:gitk-2.26.2-lp152.2.6.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "openSUSE Leap 15.2:git-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-arch-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-arch-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-core-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-core-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-credential-gnome-keyring-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-credential-gnome-keyring-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-credential-libsecret-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-credential-libsecret-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-cvs-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-cvs-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-daemon-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-daemon-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-doc-2.26.2-lp152.2.6.1.noarch",
                  "openSUSE Leap 15.2:git-email-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-email-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-gui-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-gui-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-p4-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-p4-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-svn-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-svn-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:git-web-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:git-web-2.26.2-lp152.2.6.1.x86_64",
                  "openSUSE Leap 15.2:gitk-2.26.2-lp152.2.6.1.i586",
                  "openSUSE Leap 15.2:gitk-2.26.2-lp152.2.6.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2021-03-14T14:08:26Z",
               details: "important",
            },
         ],
         title: "CVE-2021-21300",
      },
   ],
}

cve-2021-21300

Vulnerability from cvelistv5

Published

2021-03-09 00:00

Modified

2024-08-03 18:09

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Summary

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.

References

▼	URL	Tags
	https://github.com/git/git/security/advisories/GHSA-8prw-h3cq-mghm
	https://lore.kernel.org/git/xmqqim6019yd.fsf%40gitster.c.googlers.com/
	https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks
	https://git-scm.com/docs/gitattributes#_filter
	https://github.com/git/git/commit/684dd4c2b414bcf648505e74498a608f28de4592
	http://www.openwall.com/lists/oss-security/2021/03/09/3	mailing-list
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCLJJLKKMS5WRFO6C475AOUZTWQLIARX/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMXX2POK5X576BSDWSXGU7EIK6I72ERU/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBPNGLQSYJHLZZ37BO42YY6S5OTIF4L4/	vendor-advisory
	https://support.apple.com/kb/HT212320
	http://seclists.org/fulldisclosure/2021/Apr/60	mailing-list
	https://security.gentoo.org/glsa/202104-01	vendor-advisory
	http://packetstormsecurity.com/files/163978/Git-LFS-Clone-Command-Execution.html
	https://lists.debian.org/debian-lts-announce/2022/10/msg00014.html	mailing-list

Impacted products

	Vendor	Product	Version
	git	git	Version: >= 2.14.2, < 2.17.62.17.6 Version: >= 2.18.0, < 2.18.5 Version: >= 2.19.0, < 2.19.6 Version: >= 2.20.0, < 2.20.5 Version: >= 2.21.0, < 2.21.4 Version: >= 2.22.0, < 2.22.5 Version: >= 2.23.0, < 2.23.4 Version: >= 2.24.0, < 2.24.4 Version: >= 2.25.0, < 2.25.5 Version: >= 2.26.0, < 2.26.3 Version: >= 2.27.0, < 2.27.1 Version: >= 2.28.0, < 2.28.1 Version: >= 2.29.0, < 2.29.3 Version: >= 2.30.0, < 2.30.1

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T18:09:15.850Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/git/git/security/advisories/GHSA-8prw-h3cq-mghm",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lore.kernel.org/git/xmqqim6019yd.fsf%40gitster.c.googlers.com/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://git-scm.com/docs/gitattributes#_filter",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/git/git/commit/684dd4c2b414bcf648505e74498a608f28de4592",
               },
               {
                  name: "[oss-security] 20210309 git: malicious repositories can execute remote code while cloning",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2021/03/09/3",
               },
               {
                  name: "FEDORA-2021-63fcbd126e",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCLJJLKKMS5WRFO6C475AOUZTWQLIARX/",
               },
               {
                  name: "FEDORA-2021-ffd0b2108d",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMXX2POK5X576BSDWSXGU7EIK6I72ERU/",
               },
               {
                  name: "FEDORA-2021-03e61a6647",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBPNGLQSYJHLZZ37BO42YY6S5OTIF4L4/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT212320",
               },
               {
                  name: "20210427 APPLE-SA-2021-04-26-10 Xcode 12.5",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2021/Apr/60",
               },
               {
                  name: "GLSA-202104-01",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202104-01",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/163978/Git-LFS-Clone-Command-Execution.html",
               },
               {
                  name: "[debian-lts-announce] 20221010 [SECURITY] [DLA 3145-1] git security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00014.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "git",
               vendor: "git",
               versions: [
                  {
                     status: "affected",
                     version: ">= 2.14.2, < 2.17.62.17.6",
                  },
                  {
                     status: "affected",
                     version: ">= 2.18.0, < 2.18.5",
                  },
                  {
                     status: "affected",
                     version: ">= 2.19.0, < 2.19.6",
                  },
                  {
                     status: "affected",
                     version: ">= 2.20.0, < 2.20.5",
                  },
                  {
                     status: "affected",
                     version: ">= 2.21.0, < 2.21.4",
                  },
                  {
                     status: "affected",
                     version: ">= 2.22.0, < 2.22.5",
                  },
                  {
                     status: "affected",
                     version: ">= 2.23.0, < 2.23.4",
                  },
                  {
                     status: "affected",
                     version: ">= 2.24.0, < 2.24.4",
                  },
                  {
                     status: "affected",
                     version: ">= 2.25.0, < 2.25.5",
                  },
                  {
                     status: "affected",
                     version: ">= 2.26.0, < 2.26.3",
                  },
                  {
                     status: "affected",
                     version: ">= 2.27.0, < 2.27.1",
                  },
                  {
                     status: "affected",
                     version: ">= 2.28.0, < 2.28.1",
                  },
                  {
                     status: "affected",
                     version: ">= 2.29.0, < 2.29.3",
                  },
                  {
                     status: "affected",
                     version: ">= 2.30.0, < 2.30.1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-59",
                     description: "CWE-59 Improper Link Resolution Before File Access ('Link Following')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-10-11T00:00:00",
            orgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
            shortName: "GitHub_M",
         },
         references: [
            {
               url: "https://github.com/git/git/security/advisories/GHSA-8prw-h3cq-mghm",
            },
            {
               url: "https://lore.kernel.org/git/xmqqim6019yd.fsf%40gitster.c.googlers.com/",
            },
            {
               url: "https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks",
            },
            {
               url: "https://git-scm.com/docs/gitattributes#_filter",
            },
            {
               url: "https://github.com/git/git/commit/684dd4c2b414bcf648505e74498a608f28de4592",
            },
            {
               name: "[oss-security] 20210309 git: malicious repositories can execute remote code while cloning",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2021/03/09/3",
            },
            {
               name: "FEDORA-2021-63fcbd126e",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCLJJLKKMS5WRFO6C475AOUZTWQLIARX/",
            },
            {
               name: "FEDORA-2021-ffd0b2108d",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMXX2POK5X576BSDWSXGU7EIK6I72ERU/",
            },
            {
               name: "FEDORA-2021-03e61a6647",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBPNGLQSYJHLZZ37BO42YY6S5OTIF4L4/",
            },
            {
               url: "https://support.apple.com/kb/HT212320",
            },
            {
               name: "20210427 APPLE-SA-2021-04-26-10 Xcode 12.5",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2021/Apr/60",
            },
            {
               name: "GLSA-202104-01",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202104-01",
            },
            {
               url: "http://packetstormsecurity.com/files/163978/Git-LFS-Clone-Command-Execution.html",
            },
            {
               name: "[debian-lts-announce] 20221010 [SECURITY] [DLA 3145-1] git security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00014.html",
            },
         ],
         source: {
            advisory: "GHSA-8prw-h3cq-mghm",
            discovery: "UNKNOWN",
         },
         title: "malicious repositories can execute remote code while cloning",
      },
   },
   cveMetadata: {
      assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
      assignerShortName: "GitHub_M",
      cveId: "CVE-2021-21300",
      datePublished: "2021-03-09T00:00:00",
      dateReserved: "2020-12-22T00:00:00",
      dateUpdated: "2024-08-03T18:09:15.850Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_opensuse

cve-2021-21300

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature