Advisory #18 - RyotaK's Vuln DB

Advisory #18

Title	git-bug arbitrary code execution via malicious repository
CVE ID	CVE-2021-28955
Vendor	Michael Muré
Affected product	git-bug
Affected versions	- 0.7.1
Vulnerability type	CWE-427 (Uncontrolled Search Path Element)
Description	git-bug for Windows has a vulnerability that allows the malicious repository to hijack git executable, which leads arbitrary code execution.
Status	Fixed in 0.7.2
Recommendation	Update to 0.7.2 or above