Advisory #54
| Title | delta arbitrary programs execution from current directory |
| CVE ID | CVE-2021-36376 |
| Vendor | delta maintainers |
| Affected product | delta |
| Affected versions | =< 0.8.2 |
| Vulnerability type | CWE-427 (Uncontrolled Search Path Element) |
| Description | delta before 0.8.3 allows attackers to trigger execution of arbitrary programs from the current working directory, which may allow a malicious repository to execute arbitrary codes. |
| Status | Fixed in 0.8.3 |
| Recommendation | Update to 0.8.3 or above. |