CVE-2021-28954

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-28954

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28954.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-28954

Published

2021-03-21T05:15:13.290Z

Modified

2026-03-14T10:50:30.142848Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository.

References

Affected packages

Git / github.com/chriswalz/bit

Affected ranges

Type

GIT

Repo

https://github.com/chriswalz/bit

Events

Introduced

Fixed

6cb6e95d234c2d0ff256ada302e666903534cc91

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0.5"
        }
    ]
}

Affected versions

'0.*

'0.3.4'

'0.3.5'

0.*

0.2.4

0.3.4

0.3.6

v0.*

v0.1-beta

v0.2.0

v0.2.1

v0.2.2

v0.2.3

v0.2.4

v0.3.1

v0.3.10

v0.3.11

v0.3.12

v0.3.13

v0.3.14

v0.3.15

v0.3.2

v0.3.26

v0.3.3

v0.3.7

v0.3.8

v0.3.9

v0.4.0

v0.4.1

v0.4.10

v0.4.11

v0.4.12

v0.4.14

v0.4.15

v0.4.16

v0.4.17

v0.4.18

v0.4.19

v0.4.2

v0.4.20

v0.4.3

v0.4.4

v0.4.5

v0.4.6

v0.4.7

v0.4.8

v0.4.9

v0.5.1

v0.5.10

v0.5.11

v0.5.12

v0.5.13

v0.5.14

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.6

v0.5.7

v0.5.8

v0.5.9

v0.6.0

v0.6.1

v0.6.10

v0.6.11

v0.6.12

v0.6.13

v0.6.14

v0.6.15

v0.6.16

v0.6.17

v0.6.2

v0.6.5

v0.6.6

v0.6.7

v0.6.8

v0.6.9

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.7.4

v0.7.5

v0.7.6

v0.7.7

v0.8.0

v0.8.1

v0.8.10

v0.8.2

v0.8.3

v0.8.4

v0.8.5

v0.8.9

v0.9.0

v0.9.1

v0.9.10

v0.9.11

v0.9.12

v0.9.13

v0.9.14

v0.9.15

v0.9.16

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v0.9.7

v0.9.8

v0.9.9

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28954.json"