CVE-2021-36753

HIGH

Bat < 0.18.2 - Uncontrolled Search Path

Title source: rule

Description

sharkdp BAT before 0.18.2 executes less.exe from the current working directory.

References (4)

[Patch, Third Party Advisory] https://github.com/sharkdp/bat/commit/bf2b2df9c9e218e35e5a38ce3d03cffb7c363956

[Patch, Third Party Advisory] https://github.com/sharkdp/bat/pull/1724

[Release Notes, Third Party Advisory] https://github.com/sharkdp/bat/releases/tag/v0.18.2

[Third Party Advisory] https://vuln.ryotak.me/advisories/53

Scores

CVSS v3 7.8

EPSS 0.0019

EPSS Percentile 41.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (2)

bat_project/bat < 0.18.2

crates.io/bat < 0.18.2crates.io

Timeline

Published Jul 15, 2021

Tracked Since Feb 18, 2026