Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZneHEtcDQ5Zi1xdzk5

Directory Traversal in isomorphic-git

isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository.

Permalink: https://github.com/advisories/GHSA-fgxq-p49f-qw99
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZneHEtcDQ5Zi1xdzk5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: about 1 year ago

CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-fgxq-p49f-qw99, CVE-2021-30483
References:

Repository: https://github.com/isomorphic-git/isomorphic-git
Blast Radius: 17.8

Affected Packages

npm:isomorphic-git

Dependent packages: 389
Dependent repositories: 2,268
Downloads: 1,643,568 last month
Affected Version Ranges: < 1.8.2
Fixed in: 1.8.2
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 0.0.9, 0.0.10, 0.0.11, 0.0.12, 0.0.13, 0.0.14, 0.0.15, 0.0.16, 0.0.17, 0.0.18, 0.0.19, 0.0.20, 0.0.21, 0.0.22, 0.0.23, 0.0.24, 0.0.25, 0.0.26, 0.0.27, 0.0.28, 0.0.29, 0.0.30, 0.0.31, 0.0.32, 0.0.33, 0.0.34, 0.0.35, 0.0.36, 0.0.37, 0.0.38, 0.1.0, 0.2.0, 0.2.1, 0.3.0, 0.4.0, 0.5.0, 0.5.1, 0.6.0, 0.6.1, 0.7.0, 0.7.1, 0.7.2, 0.8.0, 0.8.1, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.9.9, 0.10.0, 0.10.1, 0.10.2, 0.11.0, 0.11.1, 0.11.2, 0.11.3, 0.12.0, 0.12.1, 0.12.2, 0.12.3, 0.13.0, 0.13.1, 0.13.2, 0.14.0, 0.14.1, 0.14.2, 0.14.3, 0.15.0, 0.16.0, 0.17.0, 0.17.1, 0.17.2, 0.17.3, 0.18.0, 0.18.1, 0.18.2, 0.18.3, 0.18.4, 0.18.5, 0.19.0, 0.19.1, 0.19.2, 0.19.3, 0.19.4, 0.19.5, 0.19.6, 0.19.7, 0.19.8, 0.19.9, 0.19.10, 0.19.11, 0.20.0, 0.21.0, 0.21.1, 0.22.0, 0.22.1, 0.22.2, 0.22.3, 0.23.0, 0.24.0, 0.24.1, 0.24.2, 0.24.3, 0.24.4, 0.25.0, 0.26.0, 0.27.0, 0.28.0, 0.28.1, 0.28.2, 0.28.3, 0.29.0, 0.30.0, 0.31.0, 0.31.1, 0.32.0, 0.33.0, 0.33.1, 0.34.0, 0.34.1, 0.34.2, 0.34.3, 0.35.0, 0.35.1, 0.35.2, 0.35.3, 0.35.4, 0.35.5, 0.35.6, 0.35.7, 0.36.0, 0.36.1, 0.37.0, 0.37.1, 0.37.2, 0.37.3, 0.37.4, 0.38.0, 0.38.1, 0.38.2, 0.39.0, 0.39.1, 0.39.2, 0.39.3, 0.39.4, 0.40.0, 0.40.1, 0.40.2, 0.40.3, 0.40.4, 0.41.0, 0.42.0, 0.43.0, 0.43.1, 0.43.2, 0.44.0, 0.44.1, 0.44.2, 0.45.0, 0.45.1, 0.45.2, 0.46.0, 0.46.1, 0.46.2, 0.46.3, 0.46.4, 0.47.0, 0.48.0, 0.49.0, 0.50.0, 0.50.1, 0.51.0, 0.51.1, 0.51.2, 0.51.3, 0.51.4, 0.51.5, 0.51.6, 0.51.7, 0.51.8, 0.51.9, 0.51.10, 0.51.11, 0.51.12, 0.51.13, 0.52.0, 0.52.1, 0.53.0, 0.54.0, 0.54.1, 0.54.2, 0.55.0, 0.55.1, 0.55.2, 0.55.3, 0.55.4, 0.55.5, 0.55.6, 0.56.0, 0.57.0, 0.57.1, 0.58.0, 0.58.1, 0.58.2, 0.59.0, 0.60.0, 0.60.1, 0.60.2, 0.61.0, 0.62.0, 0.63.0, 0.64.0, 0.64.1, 0.64.2, 0.64.3, 0.64.4, 0.64.5, 0.64.6, 0.65.0, 0.65.1, 0.66.0, 0.67.0, 0.67.1, 0.67.2, 0.67.3, 0.67.4, 0.67.5, 0.68.0, 0.69.0, 0.70.0, 0.70.1, 0.70.2, 0.70.3, 0.70.4, 0.70.5, 0.70.6, 0.70.7, 0.70.8, 0.70.9, 0.71.0, 0.72.0, 0.72.1, 0.73.0, 0.73.1, 0.73.2, 0.73.3, 0.74.0, 0.75.0, 0.75.1, 0.76.0, 0.77.0, 0.77.1, 0.78.0, 0.78.1, 0.78.2, 0.78.3, 0.78.4, 0.78.5, 1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.2.0, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.5.0, 1.6.0, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.8.0, 1.8.1
All unaffected versions: 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.8.6, 1.8.7, 1.8.8, 1.8.9, 1.8.10, 1.9.0, 1.9.1, 1.9.2, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.10.5, 1.11.0, 1.11.1, 1.11.2, 1.12.0, 1.12.1, 1.13.0, 1.13.1, 1.14.0, 1.15.0, 1.15.1, 1.15.2, 1.16.0, 1.17.0, 1.17.1, 1.17.2, 1.17.3, 1.18.0, 1.18.1, 1.18.2, 1.18.3, 1.19.0, 1.19.1, 1.19.2, 1.19.3, 1.20.0, 1.21.0, 1.22.0, 1.23.0, 1.24.0, 1.24.1, 1.24.2, 1.24.3, 1.24.4, 1.24.5, 1.25.0, 1.25.1, 1.25.2, 1.25.3, 1.25.4, 1.25.5, 1.25.6, 1.25.7