Lucene search

CVE-2021-21316

🗓️ 16 Feb 2021 18:12:15Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 58 Views

less-openui5 npm package before v0.10 allows execution of JavaScript code in theming resources from untrusted source

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
OSV	GHSA-3CRJ-W4F5-GWH4 Processing untrusted theming resources might execute arbitrary code (ACE)	29 Jan 202120:51	–	osv
OSV	CVE-2021-21316	16 Feb 202118:15	–	osv
Prion	Privilege escalation	16 Feb 202118:15	–	prion
Cvelist	CVE-2021-21316 Arbitrary code execution in less-openui5	16 Feb 202117:35	–	cvelist
NVD	CVE-2021-21316	16 Feb 202118:15	–	nvd
Veracode	Arbitrary Code Execution	1 Feb 202106:19	–	veracode
Github Security Blog	Processing untrusted theming resources might execute arbitrary code (ACE)	29 Jan 202120:51	–	github
Node.js	Arbitrary JavaScript Execution	23 Feb 202101:32	–	nodejs

Nvd

Vulners

Node

less-openui5_project less-openui5Range<0.10.0node.js

[
  {
    "product": "less-openui5",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "< 0.10.0"
      }
    ]
  }
]

Source	Link
github	www.github.com/SAP/less-openui5/security/advisories/GHSA-3crj-w4f5-gwh4
lesscss	www.lesscss.org/usage/
npmjs	www.npmjs.com/package/less-openui5
github	www.github.com/SAP/less-openui5/commit/c0d3a8572974a20ea6cee42da11c614a54f100e8
github	www.github.com/SAP/less-openui5/releases/tag/v0.10.0

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 Feb 2021 18:15Current

6.7Medium risk

Vulners AI Score6.7

CVSS26.8

CVSS36.3 - 7.8

EPSS0.00301

CWE-74