Skip to main content
CVE-2021-3028 CRITICAL PATCH Act Now

git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Git Big Picture
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-23899 CRITICAL PATCH Act Now

OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Json Sanitizer
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy