CVE-2021-30483 - Vulnerability Details

Vendors	Products
Isomorphic-git	Isomorphic-git
Redhat	Rhev Hypervisor Rhev Manager

Package	CPE	Advisory	Released Date
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
vdsm-0:4.50.3.6-1.el8ev	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2023:0074	2023-01-11T00:00:00Z
Red Hat Virtualization Engine 4.4
ovirt-engine-ui-extensions-0:1.3.7-1.el8ev	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2023:0074	2023-01-11T00:00:00Z

Link	Providers
https://github.com/isomorphic-git/isomorphic-git/pull/1339
https://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2
https://nvd.nist.gov/vuln/detail/CVE-2021-30483
https://vuln.ryotak.me/advisories/28
https://www.cve.org/CVERecord?id=CVE-2021-30483

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-27T18:21:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://vuln.ryotak.me/advisories/28"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/isomorphic-git/isomorphic-git/pull/1339"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-30483", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://vuln.ryotak.me/advisories/28", "refsource": "MISC", "url": "https://vuln.ryotak.me/advisories/28"}, {"name": "https://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2", "refsource": "MISC", "url": "https://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2"}, {"name": "https://github.com/isomorphic-git/isomorphic-git/pull/1339", "refsource": "MISC", "url": "https://github.com/isomorphic-git/isomorphic-git/pull/1339"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T22:32:41.125Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://vuln.ryotak.me/advisories/28"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/isomorphic-git/isomorphic-git/pull/1339"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-30483", "datePublished": "2021-07-27T18:21:30", "dateReserved": "2021-04-10T00:00:00", "dateUpdated": "2024-08-03T22:32:41.125Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-07-27T18:21:30 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://vuln.ryotak.me/advisories/28 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://github.com/isomorphic-git/isomorphic-git/pull/1339 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2021-30483 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://vuln.ryotak.me/advisories/28 (string)

refsource : MISC (string)

url : https://vuln.ryotak.me/advisories/28 (string)

}

1 : { »

name : https://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2 (string)

refsource : MISC (string)

url : https://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2 (string)

}

2 : { »

name : https://github.com/isomorphic-git/isomorphic-git/pull/1339 (string)

refsource : MISC (string)

url : https://github.com/isomorphic-git/isomorphic-git/pull/1339 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T22:32:41.125Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://vuln.ryotak.me/advisories/28 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://github.com/isomorphic-git/isomorphic-git/pull/1339 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2021-30483 (string)

datePublished : 2021-07-27T18:21:30 (string)

dateReserved : 2021-04-10T00:00:00 (string)

dateUpdated : 2024-08-03T22:32:41.125Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isomorphic-git:isomorphic-git:*:*:*:*:*:*:*:*", "matchCriteriaId": "67586BAC-855E-4D67-935A-4B7ED3DFC1F5", "versionEndExcluding": "1.8.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository."}, {"lang": "es", "value": "isomorphic-git versiones anteriores a 1.8.2, permite un Salto de Directorio por medio de un repositorio dise\u00f1ado"}], "id": "CVE-2021-30483", "lastModified": "2024-11-21T06:04:01.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-30T14:15:16.457", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/isomorphic-git/isomorphic-git/pull/1339"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://vuln.ryotak.me/advisories/28"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/isomorphic-git/isomorphic-git/pull/1339"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://vuln.ryotak.me/advisories/28"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:isomorphic-git:isomorphic-git:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 67586BAC-855E-4D67-935A-4B7ED3DFC1F5 (string)

versionEndExcluding : 1.8.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository. (string)

}

1 : { »

lang : es (string)

value : isomorphic-git versiones anteriores a 1.8.2, permite un Salto de Directorio por medio de un repositorio diseñado (string)

}

]

id : CVE-2021-30483 (string)

lastModified : 2024-11-21T06:04:01.070 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 1.4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-07-30T14:15:16.457 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://github.com/isomorphic-git/isomorphic-git/pull/1339 (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Release Notes (string)

1 : Third Party Advisory (string)

]

url : https://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2 (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://vuln.ryotak.me/advisories/28 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://github.com/isomorphic-git/isomorphic-git/pull/1339 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Release Notes (string)

1 : Third Party Advisory (string)

]

url : https://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2 (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://vuln.ryotak.me/advisories/28 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-22 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2023:0074", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "vdsm-0:4.50.3.6-1.el8ev", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2023-01-11T00:00:00Z"}, {"advisory": "RHSA-2023:0074", "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8", "impact": "low", "package": "ovirt-engine-ui-extensions-0:1.3.7-1.el8ev", "product_name": "Red Hat Virtualization Engine 4.4", "release_date": "2023-01-11T00:00:00Z"}], "bugzilla": {"description": "isomorphic-git: Directory traversal via a crafted repository", "id": "1988539", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1988539"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-22", "details": ["isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository.", "A flaw was found in isomorphic-git. An attacker could cause a Directory Traversal via a crafted filepath in a repository being cloned."], "name": "CVE-2021-30483", "public_date": "2021-07-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-30483\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-30483\nhttps://github.com/isomorphic-git/isomorphic-git/pull/1339\nhttps://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2\nhttps://vuln.ryotak.me/advisories/28"], "statement": "In Red Hat Virtualization, isomorphic-git is a build time dependency and is not delivered with the product. Therefore impact has been rated Low.", "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2023:0074 (string)

cpe : cpe:/o:redhat:rhev_hypervisor:4.4::el8 (string)

package : vdsm-0:4.50.3.6-1.el8ev (string)

product_name : Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 (string)

release_date : 2023-01-11T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2023:0074 (string)

cpe : cpe:/a:redhat:rhev_manager:4.4:el8 (string)

impact : low (string)

package : ovirt-engine-ui-extensions-0:1.3.7-1.el8ev (string)

product_name : Red Hat Virtualization Engine 4.4 (string)

release_date : 2023-01-11T00:00:00Z (string)

}

]

bugzilla : { »

description : isomorphic-git: Directory traversal via a crafted repository (string)

id : 1988539 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1988539 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 5.3 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (string)

status : verified (string)

}

cwe : CWE-22 (string)

details : [ »

0 : isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository. (string)

1 : A flaw was found in isomorphic-git. An attacker could cause a Directory Traversal via a crafted filepath in a repository being cloned. (string)

]

name : CVE-2021-30483 (string)

public_date : 2021-07-30T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2021-30483 https://nvd.nist.gov/vuln/detail/CVE-2021-30483 https://github.com/isomorphic-git/isomorphic-git/pull/1339 https://github.com/isomorphic-git/isomorphic-git/releases/tag/v1.8.2 https://vuln.ryotak.me/advisories/28 (string)

]

statement : In Red Hat Virtualization, isomorphic-git is a build time dependency and is not delivered with the product. Therefore impact has been rated Low. (string)

threat_severity : Moderate (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object