Code injection

2020-12-1120:15:00

PRIOn knowledge base

www.prio-n.com

9.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.7%

In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.

CPENameOperatorVersion
nginx_controllerge2.0.0
nginx_controllerle2.9.0
nginx_controllereq1.0.1
nginx_controllerge3.0.0
nginx_controllerlt3.10.0

Name	Operator	Version
nginx_controller	ge	2.0.0
nginx_controller	le	2.9.0
nginx_controller	eq	1.0.1
nginx_controller	ge	3.0.0
nginx_controller	lt	3.10.0

References

security.netapp.com/advisory/ntap-20210115-0004/

support.f5.com/csp/article/K43530108