CVE-2021-36376

7.8 HIGH

📋 TL;DR

This vulnerability in dandavison delta on Windows allows path traversal attacks by resolving executable paths relative to the current directory instead of using absolute paths. Attackers could trick delta into executing malicious binaries placed in unexpected locations. Only Windows users of delta versions before 0.8.3 are affected.

💻 Affected Systems

Products:
  • dandavison delta
Versions: All versions before 0.8.3
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows installations; Linux/macOS versions are not vulnerable due to different path resolution behavior.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution if an attacker can place malicious executables in directories delta might access, potentially leading to full system compromise.

🟠 Likely Case

Local privilege escalation or arbitrary code execution when users run delta from untrusted directories containing malicious executables.

🟢 If Mitigated

Limited impact with proper directory permissions and user awareness, restricting execution to trusted paths only.

🌐 Internet-Facing: LOW - delta is typically a local command-line tool, not internet-facing.
🏢 Internal Only: MEDIUM - internal users could exploit if they can place executables in directories delta accesses.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to place malicious executables in directories delta might access; exploitation depends on user behavior and directory permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.8.3

Vendor Advisory: https://github.com/dandavison/delta/releases/tag/0.8.3

Restart Required: No

Instructions:

1. Update delta to version 0.8.3 or later using your package manager or from GitHub releases.
2. Verify installation with 'delta --version'.
3. No restart required as delta is a command-line tool.

🔧 Temporary Workarounds

Use absolute paths for delta execution

windows

Always run delta from trusted directories or specify full paths to avoid relative path resolution issues.

Restrict directory permissions

windows

Limit write permissions to directories where delta might be executed to prevent malicious executable placement.

🧯 If You Can't Patch

  • Avoid running delta from untrusted directories or directories with unknown executable files.
  • Implement strict directory permissions and monitoring for unexpected executable creation in delta-accessible paths.

🔍 How to Verify

Check if Vulnerable:

Check delta version with 'delta --version' and verify if it's below 0.8.3 on Windows.

Check Version:

delta --version

Verify Fix Applied:

After updating, confirm version is 0.8.3 or higher with 'delta --version'.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process execution from delta, especially from non-standard directories

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Process creation where parent process is delta.exe and executable path contains relative path indicators like '..' or './'
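
The query described above, sketched as triage logic over process-creation events (an added example, not part of the advisory or the delta project). Because such logs often record the resolved image path rather than a relative one, it also flags children of delta.exe whose image sits in the process's working directory; the event field names, paths and `helper.exe` are constructed assumptions.

```python
from ntpath import basename, dirname, isabs, normcase, normpath

# Constructed process-creation events. Field names and all paths are
# hypothetical; map them to whatever your EDR or Sysmon export provides.
EVENTS = [
    {"parent_image": r"C:\Tools\delta.exe",
     "image": r"C:\Program Files\Vendor\helper.exe",
     "cwd": r"C:\Users\dev\src\project"},
    {"parent_image": r"C:\Tools\delta.exe",
     "image": r"C:\Users\dev\Downloads\repo\helper.exe",
     "cwd": r"C:\Users\dev\Downloads\Repo"},
    {"parent_image": r"C:\Tools\DELTA.EXE",
     "image": r"..\bin\helper.exe",
     "cwd": r"C:\Users\dev\Downloads\repo\sub"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\dev\Downloads\repo\helper.exe",
     "cwd": r"C:\Users\dev\Downloads\repo"},
]


def _norm(path):
    """Case-fold and collapse separators and dot segments, Windows-style."""
    return normcase(normpath(path))


def suspicious_reason(event):
    """Return why a child of delta.exe looks CWD-resolved, or None."""
    if basename(normcase(event["parent_image"])) != "delta.exe":
        return None
    image = event["image"]
    if not isabs(image):
        return "relative image path"
    if _norm(dirname(image)) == _norm(event["cwd"]):
        return "image located in working directory"
    return None


def findings(events):
    """List (event index, reason) for every flagged event."""
    hits = []
    for i, ev in enumerate(events):
        reason = suspicious_reason(ev)
        if reason:
            hits.append((i, reason))
    return hits


if __name__ == "__main__":
    for idx, reason in findings(EVENTS):
        print(idx, reason, EVENTS[idx]["image"])
```

A working-directory match is a triage signal, not proof of abuse: it also fires when delta is legitimately run from the directory that holds the child binary.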
