Homepage
About Snyk

Remote Code Execution (RCE) Affecting git-big-picture package, versions [,1.0.0)

0.0
high

Snyk CVSS

    Attack Complexity Low

    Threat Intelligence

    EPSS 0.52% (77th percentile)
Expand this section
NVD
9.8 critical

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-GITBIGPICTURE-1059422
  • published 14 Jan 2021
  • disclosed 14 Jan 2021
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 14 Jan 2021

CVE-2021-3028 Open this link in a new tab
CWE-94 Open this link in a new tab

How to fix?

Upgrade git-big-picture to version 1.0.0 or higher.

Overview

git-big-picture is a visualization tool for Git repositories. You can think of it as a filter that removes uninteresting commits from a DAG modelling a Git repository and thereby exposes the big picture: for example the hierarchy of tags and branches. git-big-picture supports convenience output options and can filter different classes of commits. It uses the Graphviz utility to render images that are pleasing to the eye.

Affected versions of this package are vulnerable to Remote Code Execution (RCE). Mishandles ' characters in a branch name, leading to code execution.