CVE-2021-3210

2021-02-1914:15:12

Google

osv.dev

7.8 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.5%

JSON

components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter.

CPENameOperatorVersion
bloodhoundeq1.0.0
bloodhoundeq2.1.0
bloodhoundeq1.4
bloodhoundeq2.2.1
bloodhoundeq1.1
bloodhoundeq1.5.2
bloodhoundeq1.5.1
bloodhoundeq3.0.0
bloodhoundeq2.0.5
bloodhoundeq3.0.5

Name	Operator	Version
bloodhound	eq	1.0.0
bloodhound	eq	2.1.0
bloodhound	eq	1.4
bloodhound	eq	2.2.1
bloodhound	eq	1.1
bloodhound	eq	1.5.2
bloodhound	eq	1.5.1
bloodhound	eq	3.0.0
bloodhound	eq	2.0.5
bloodhound	eq	3.0.5