The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade nodegit
to version 0.26.3 or higher.
nodegit is a Node bindings to the libgit2 project.
Affected versions of this package are vulnerable to Improper Handling of Alternate Data Stream. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.
This vulnerability affects Git when running inside the Windows Subsystem for Linux and only when working on Windows drives where NTFS short names are enabled (which is the case, by default, for the system drive, i.e. C:
).
The exploit uses a directory named git~1
and it allows remote code execution during a regular git clone
.
For this reason, Git now turns on core.protectNTFS
by default, which is also required to address CVE-2019-1352.