CVE-2024-21531

MEDIUM

git-shallow-clone - OS Command Injection via Process Variable

Title source: llm

Description

All versions of the package git-shallow-clone are vulnerable to Command injection due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function.

References (2)

Core 2

Core References

Various Sources

https://github.com/10uei011/git-shallow-clone/blob/master/index.js%23L27

Third Party Advisory

https://security.snyk.io/vuln/SNYK-JS-GITSHALLOWCLONE-3253853

Scores

CVSS v3 5.3

EPSS 0.0010

EPSS Percentile 26.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-78

Status published

Products (2)

n/a/git-shallow-clone

npm/git-shallow-clone 0npm

Published Oct 01, 2024

Tracked Since Feb 18, 2026