
CVE-2021-4281

Published: 2022-12-26 20:15:10
CWE: CWE-78
Source: VulDB
Reference: web.nvd.nist.gov
Tags: cve-2021-4281, brave ux, for-the-badge, critical, os command injection, file manipulation

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.8 (Confidence: High)

EPSS: 0.005 (Percentile: 76.6%)

A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this issue is some unknown functionality of the file .github/workflows/combine-prs.yml. The manipulation leads to OS command injection. The name of the patch is 55b5a234c0fab935df5fb08365bc8fe9c37cf46b. It is recommended to apply a patch to fix this issue. VDB-216842 is the identifier assigned to this vulnerability.

Affected configurations

NVD

Node: forthebadge for_the_badge, Range: <1.2.0

Vendor | Product | Version | CPE
forthebadge | for_the_badge | * | cpe:2.3:a:forthebadge:for_the_badge:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Brave UX",
    "product": "for-the-badge",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]
