Advisory #17
| Title | bit arbitrary code execution via malicious repository |
| CVE ID | CVE-2021-28954 |
| Vendor | Chris Walz |
| Affected product | bit |
| Affected versions | - 1.0.4 |
| Vulnerability type | CWE-427 (Uncontrolled Search Path Element) |
| Description | bit for Windows has a vulnerability that allows a malicious repository to hijack the git executable, which leads to arbitrary code execution. |
| Status | Fixed in 1.0.5 |
| Recommendation | Update to 1.0.5 or above |
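
The following is an added example, not bit's code and not its 1.0.5 fix (the advisory does not describe the fix): one way a Go program can resolve `git` while ignoring search-path elements that a repository controls, which is the condition CWE-427 names. The helper names `resolveTrusted` and `inside`, their parameters, and the `.exe` extension list are assumptions made for this illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var errNotFound = errors.New("no trusted match on PATH")

// inside reports whether dir is root itself or a directory below it.
func inside(dir, root string) bool {
	rel, err := filepath.Rel(root, dir)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// resolveTrusted (hypothetical helper) looks for name in the PATH-style list
// pathList, ignoring every entry a repository could control: empty or relative
// entries (which mean "current directory") and anything inside repoDir.
// exts plays the role of PATHEXT on Windows; pass []string{""} elsewhere.
func resolveTrusted(name, pathList, repoDir string, exts []string) (string, error) {
	if filepath.Base(name) != name {
		return "", fmt.Errorf("refusing path-qualified name %q", name)
	}
	root, err := filepath.Abs(repoDir)
	if err != nil {
		return "", err
	}
	for _, dir := range filepath.SplitList(pathList) {
		if !filepath.IsAbs(dir) || inside(filepath.Clean(dir), root) {
			continue // untrusted search-path element
		}
		for _, ext := range exts {
			cand := filepath.Join(dir, name+ext)
			if fi, err := os.Stat(cand); err == nil && fi.Mode().IsRegular() {
				return cand, nil
			}
		}
	}
	return "", errNotFound
}

func main() {
	wd, _ := os.Getwd()
	p, err := resolveTrusted("git", os.Getenv("PATH"), wd, []string{"", ".exe"})
	fmt.Println(p, err)
}
```

Passing the returned absolute path to `exec.Command` keeps the child-process launch from repeating the search.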