CVE-2021-44079

2021-11-2207:15:07

Google

osv.dev

7.8 High

AI Score

Confidence

High

0.058 Low

EPSS

Percentile

93.4%

JSON

In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution.

CPENameOperatorVersion
wazuheq4.2.4
wazuheq4.2.3
wazuheq4.2.1
wazuheq4.2.0
wazuheq4.2.2

Name	Operator	Version
wazuh	eq	4.2.4
wazuh	eq	4.2.3
wazuh	eq	4.2.1
wazuh	eq	4.2.0
wazuh	eq	4.2.2

References

github.com/wazuh/wazuh/issues/10858

github.com/wazuh/wazuh/issues/10858#issuecomment-991118254

github.com/wazuh/wazuh/pull/10809