Lucene search
SnykCVELIST:CVE-2021-23381HistoryApr 18, 2021 - 6:45 p.m.
CVE-2021-23381 Arbitrary Command Injection
2021-04-1818:45:16
snyk
www.cve.org
1
cve-2021-23381
arbitrary command injection
package killing
user input
child process exec
input sanitization
CVSS3
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
AI Score
9.9
Confidence
High
EPSS
0.005
Percentile
76.1%
This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CNA Affected
[
{
"product": "killing",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
veracode
veracode
Arbitrary Code Execution
2021-04-19 00:27:42
osv
osv
Command Injection in killing
2021-05-06 15:53:32
cve
cve
CVE-2021-23381
2021-04-18 19:15:13
prion
prion
Design/Logic Flaw
2021-04-18 19:15:00
github
github
Command Injection in killing
2021-05-06 15:53:32
nvd
nvd
CVE-2021-23381
2021-04-18 19:15:13
CVSS3
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
AI Score
9.9
Confidence
High
EPSS
0.005
Percentile
76.1%
Related for CVELIST:CVE-2021-23381