Advisory #54
Title: delta arbitrary programs execution from current directory
CVE ID: CVE-2021-36376
Vendor: delta maintainers
Affected product: delta
Affected versions: <= 0.8.2
Vulnerability type: CWE-427 (Uncontrolled Search Path Element)
Description: delta before 0.8.3 allows attackers to trigger execution of arbitrary programs from the current working directory, which may allow a malicious repository to execute arbitrary code.
Status: Fixed in 0.8.3
Recommendation: Update to 0.8.3 or above.