Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2021-41280
HistoryNov 19, 2021 - 8:15 p.m.

CVE-2021-41280

2021-11-1920:15:18
Google
osv.dev
3
cve-2021-41280
sharetribe go
command injection
operating system
sns notification token
configuration parameter
patched version
upgrade

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

59.2%

JSON

Sharetribe Go is a source available marketplace software. In affected versions operating system command injection is possible on installations of Sharetribe Go, that do not have a secret AWS Simple Notification Service (SNS) notification token configured via the sns_notification_token configuration parameter. This configuration parameter is unset by default. The vulnerability has been patched in version 10.2.1. Users who are unable to upgrade should set thesns_notification_token configuration parameter to a secret value.

Related

nvd 1
prion 1
cve 1
cvelist 1
nvd
nvd
CVE-2021-41280
2021-11-19 20:15:18
prion
prion
Command injection
2021-11-19 20:15:00
cve
cve
CVE-2021-41280
2021-11-19 20:15:18
cvelist
cvelist
CVE-2021-41280 OS command injection in Sharetribe Go
2021-11-19 20:05:11

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

59.2%

JSON
Related for OSV:CVE-2021-41280
nvd1prion1cve1cvelist1