CVE-2021-4297

🗓️ 01 Jan 2023 18:15:21Reported by VulDBType

Vulnerability in trampgeek jobe up to 1.6.4 allows remote attackers to execute arbitrary code via a crafted sourcefilename parameter. Upgrade to 1.6.5 to fix

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2021-4297	1 Jan 202322:15	–	circl
CNNVD	JOBE 安全漏洞	1 Jan 202300:00	–	cnnvd
Cvelist	CVE-2021-4297 trampgeek jobe Restapi.php runs_post Privilege Escalation	1 Jan 202318:15	–	cvelist
EUVD	EUVD-2021-34133	3 Oct 202520:07	–	euvd
NVD	CVE-2021-4297	1 Jan 202319:15	–	nvd
Prion	Information disclosure	1 Jan 202319:15	–	prion
Positive Technologies	PT-2023-12401 · Unknown +1 · Trampgeek Jobe +1	2 Sep 202200:00	–	ptsecurity
Vulnrichment	CVE-2021-4297 trampgeek jobe Restapi.php runs_post Privilege Escalation	1 Jan 202318:15	–	vulnrichment

NVD

Vulners

Node

jobe_project jobeRange<1.6.5

[
  {
    "vendor": "trampgeek",
    "product": "jobe",
    "versions": [
      {
        "version": "1.6.0",
        "status": "affected"
      },
      {
        "version": "1.6.1",
        "status": "affected"
      },
      {
        "version": "1.6.2",
        "status": "affected"
      },
      {
        "version": "1.6.3",
        "status": "affected"
      },
      {
        "version": "1.6.4",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/trampgeek/jobe/issues/46
github	www.github.com/trampgeek/jobe/commit/694da5013dbecc8d30dd83e2a83e78faadf93771
vuldb	www.vuldb.com/

28 May 2025 14:15Current

7.6High risk

Vulners AI Score7.6

CVSS 3.15.5 - 9.8

CVSS 24.9

CVSS 35.5

EPSS0.00436

SSVC

CWE-276