CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
CVE-2021-21300 | Git for Visual Studio Remote Code Execution Vulnerability | Microsoft Visual Studio 2019 | Critical | 17-03-2021 |
Technical Information
Brief overview of the risk:
This is a remote code execution vulnerability affecting Git, an open-source distributed revision control system. On case-insensitive file systems that support symbolic links, the ‘git clone’ feature of Git can be exploited to execute code during the cloning of a specially crafted repository that contains symbolic links and files using clean/smudge filters such as Git LFS. Git LFS (Large File Storage, used when handling large files such as audio and video) is configured by Git on Windows machines by default. If updating to a newer Git version is not possible, the workaround is to disable symbolic links or to avoid configuring clean/smudge filters such as Git LFS globally.
Further information on this vulnerability is available at: CVE-2021-21300
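A check for the two workarounds described above, as an added example (not part of the original advisory or of Git): it parses the output of `git config --list --show-scope` and reports whether symbolic links are disabled and which filter drivers are set at system or global scope. The sample config is constructed, and counting `process` entries alongside `clean`/`smudge` is an assumption of this example.

```python
import subprocess

# Constructed sample of `git config --list --show-scope` output: "<scope>\t<key>=<value>".
SAMPLE = (
    "system\tcore.symlinks=false\n"
    "system\tfilter.lfs.clean=git-lfs clean -- %f\n"
    "system\tfilter.lfs.smudge=git-lfs smudge -- %f\n"
    "system\tfilter.lfs.process=git-lfs filter-process\n"
    "global\tuser.name=Example User\n"
    "global\tcore.symlinks=true\n"
)

FALSE_VALUES = {"false", "no", "off", "0", ""}   # Git's spellings of boolean false
FILTER_KEYS = {"clean", "smudge", "process"}     # "process" is this example's addition
SCOPES = {"system", "global"}                    # scopes that apply to a fresh clone


def audit(config_text):
    """Report which of the advisory's two workarounds the given config satisfies."""
    symlinks_on = None   # None: unset, so Git probes the file system at clone time
    filters = {}
    for line in config_text.splitlines():
        scope, tab, entry = line.partition("\t")
        if not tab or scope not in SCOPES:
            continue
        key, eq, value = entry.partition("=")
        if key == "core.symlinks":
            # Later scopes override earlier ones; a key with no "=" means true.
            symlinks_on = True if not eq else value.strip().lower() not in FALSE_VALUES
        elif (key.startswith("filter.") and key.count(".") >= 2
              and key.rsplit(".", 1)[-1] in FILTER_KEYS):
            filters[key] = (scope, value)   # keep the effective (last) value
    disabled = symlinks_on is False
    return {
        "symlinks_disabled": disabled,
        "filters": filters,
        "workaround_applied": disabled or not filters,
    }


if __name__ == "__main__":
    # --show-scope needs Git 2.26 or later.
    out = subprocess.run(["git", "config", "--list", "--show-scope"],
                         capture_output=True, text=True, check=True).stdout
    report = audit(out)
    for key, (scope, value) in report["filters"].items():
        print(f"{scope}: {key} = {value}")
    print("core.symlinks disabled:", report["symlinks_disabled"])
    print("workaround applied:", report["workaround_applied"])
```

In the constructed sample the global `core.symlinks=true` overrides the system-level `false`, so neither workaround is in effect even though one scope appears to apply it.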
Affected Software
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 - 16.6)
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
Microsoft Visual Studio 2019 version 16.8 (includes 16.0 - 16.7)