CVE-2021-32673

8.8 HIGH

📋 TL;DR

CVE-2021-32673 is a critical command injection vulnerability in reg-keygen-git-hash-plugin that allows remote attackers to execute arbitrary commands on affected systems. This affects all users of reg-suit visual regression testing framework versions 0.10.15 and earlier. Attackers can exploit this to gain unauthorized access and control over vulnerable systems.

💻 Affected Systems

Products:
  • reg-keygen-git-hash-plugin
  • reg-suit
Versions: All versions through and including 0.10.15
Operating Systems: All platforms running Node.js
Default Config Vulnerable: ⚠️ Yes
Notes: Affects any system using the vulnerable plugin within reg-suit visual regression testing framework.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands with the privileges of the reg-suit process, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Remote code execution leading to unauthorized access, data exfiltration, or deployment of malware on affected systems running vulnerable versions.

🟢 If Mitigated

Limited impact if proper network segmentation, least privilege principles, and input validation are implemented, though the vulnerability still presents significant risk.

🌐 Internet-Facing: HIGH - The vulnerability allows remote exploitation, making internet-facing instances particularly vulnerable to widespread attacks.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable to insider threats or attackers who have gained initial network access through other means.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is in the Git commit hash processing functionality where user-controlled input is passed to shell commands without proper sanitization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.10.16 and later

Vendor Advisory: https://github.com/reg-viz/reg-suit/security/advisories/GHSA-49q3-8867-5wmp

Restart Required: Yes

Instructions:

1. Update reg-suit to version 0.10.16 or later using npm update.
2. Update reg-keygen-git-hash-plugin to latest version.
3. Restart any running reg-suit processes or services.
4. Verify the fix by checking version numbers.

🔧 Temporary Workarounds

Disable or remove vulnerable plugin

Platform: all

Temporarily disable or remove the reg-keygen-git-hash-plugin from reg-suit configuration until patching can be completed.

npm uninstall reg-keygen-git-hash-plugin

Network isolation

Platform: all

Isolate systems running vulnerable versions from untrusted networks and internet access.

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all user-controlled data passed to Git operations
  • Run reg-suit processes with minimal privileges and in isolated containers or sandboxes
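The input-validation mitigation above, and the root cause described under Exploit Status (a Git commit hash reaching a shell command unsanitized), can be illustrated as follows. This is an added example, not code from reg-suit or its advisory; the function names (isCommitHash, gitArgs, resolveCommit, triage), the 7 to 64 hex digit bound and the sample inputs are assumptions made for illustration.

```javascript
// Added example: validate a revision string, then run git without a shell.
// All function names are hypothetical; none come from reg-suit.

// Assumption: callers pass a full or abbreviated hex object name
// (7 to 64 hex digits covers abbreviated, SHA-1 and SHA-256 names).
const COMMIT_HASH = /^[0-9a-f]{7,64}$/i;

function isCommitHash(value) {
  return typeof value === "string" && COMMIT_HASH.test(value);
}

// Build the argument vector for `git rev-parse`. Each element reaches git
// as exactly one argument; no shell ever parses it.
function gitArgs(hash) {
  if (!isCommitHash(hash)) {
    throw new TypeError("rejected revision: not a hex commit hash");
  }
  return ["rev-parse", "--verify", "--quiet", `${hash}^{commit}`];
}

// Resolve a hash to its full commit id. execFile spawns git directly (no
// /bin/sh), unlike exec, which hands a command string to the shell.
// Dynamic import keeps this usable from both CommonJS and ES modules.
async function resolveCommit(hash, cwd = process.cwd()) {
  const args = gitArgs(hash); // validate before spawning anything
  const { execFile } = await import("node:child_process");
  return new Promise((resolve, reject) => {
    execFile("git", args, { cwd, encoding: "utf8" }, (err, stdout) =>
      err ? reject(err) : resolve(stdout.trim()));
  });
}

// Constructed sample inputs: one valid hash, three that must be rejected.
const SAMPLES = [
  "0a1b2c3d4e5f60718293a4b5c6d7e8f901234567",
  "0a1b2c3; echo constructed",
  "$(echo constructed)",
  "--output=constructed",
];

// Report which inputs would be allowed through to git.
function triage(inputs) {
  return inputs.map((input) => ({ input, accepted: isCommitHash(input) }));
}

console.table(triage(SAMPLES));
```

Because the allow-list admits only hex digits, a value can never begin with "-" and be read by git as an option, and the argument array keeps it out of shell parsing even if the pattern is later loosened.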

🔍 How to Verify

Check if Vulnerable:

Check package.json or run 'npm list reg-keygen-git-hash-plugin' to see if version is 0.10.15 or earlier

Check Version:

npm list reg-keygen-git-hash-plugin | grep reg-keygen-git-hash-plugin

Verify Fix Applied:

Verify installed version is 0.10.16 or later using 'npm list reg-keygen-git-hash-plugin'

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns in system logs
  • Suspicious Git operations from reg-suit processes
  • Unexpected process spawns from reg-suit

Network Indicators:

  • Unusual outbound connections from reg-suit processes
  • Command and control traffic patterns

SIEM Query:

process.name:"node" AND process.args:"reg-suit" AND (process.args:"git" OR process.args:"exec" OR process.args:"spawn")
