4 matches found
CVE-2021-34816
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...
CVE-2021-34816
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...
CVE-2021-34816
An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source...
CVE-2021-34816
Etherpad 1.8.13 has two injection flaws tracked as CVE-2021-34816 (Argument Injection in plugin management) and CVE-2021-34817 (Persistent XSS in chat messages). The Argument Injection flaw arises when an admin installs a plugin; the plugin name is passed to npm install without validation, enabli...