Lucene search
SnykCVELIST:CVE-2021-23326HistoryJan 20, 2021 - 12:30 p.m.
CVE-2021-23326 Command Injection
2021-01-2012:30:15
snyk
www.cve.org
2
cve-2021-23326
command injection
@graphql-tools/git-loader
exec
execsync
load-git.ts
arbitrary command injection
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
9.3
Confidence
High
EPSS
0.003
Percentile
68.7%
This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection.
CNA Affected
[
{
"product": "@graphql-tools/git-loader",
"vendor": "n/a",
"versions": [
{
"lessThan": "6.2.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]References
Related
redhatcve
redhatcve
CVE-2021-23326
2021-02-04 16:22:44
osv
osv
Command Injection in @graphql-tools/git-loader
2021-01-29 18:13:14
CVE-2021-23326
2021-01-20 13:15:12
nodejs
nodejs
Command Injection
2021-02-22 17:42:01
github
github
Command Injection in @graphql-tools/git-loader
2021-01-29 18:13:14
cve
cve
CVE-2021-23326
2021-01-20 13:15:12
prion
prion
Command injection
2021-01-20 13:15:00
nvd
nvd
CVE-2021-23326
2021-01-20 13:15:12
veracode
veracode
Command Injection
2021-01-21 06:59:20
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
AI Score
9.3
Confidence
High
EPSS
0.003
Percentile
68.7%
Related for CVELIST:CVE-2021-23326