11 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-42740
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to...
CVE-2021-42740
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...
Security Bulletin: IBM Planning Analytics Workspace has addressed multiple vulnerabilities
Summary IBM Planning Analytics Workspace is considered vulnerable to a Malicious File Upload vulnerability which could allow a privileged user to upload malicious files that can be automatically processed within the product CVE-2023-42017. This vulnerability has been addressed. IBM Planning...
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...
Security Bulletin: A security vulnerability in Node.js shell-quote affects IBM Cloud Pak for Multicloud Management Managed Services [CVE-2021-42740]
Summary A security vulnerability in Node.js shell-quote affects IBM Cloud Pak for Multicloud Management Managed Services CVE-2021-42740, the fix removes Node.js shell-quote Vulnerability Details CVEID:CVE-2021-42740 DESCRIPTION: Node.js shell-quote module could allow a remote attacker to execute...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +16075 more potentially affected by CVE-2021-42740 via shell-quote (>=1.6.3 <=1.7.2)
shell-quote NPM version =1.6.3, =1.0.1, =1.1.0 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 - 0xgank-tea-characteristic =1.0.0 - 0xgank-tea-child-eveni...
CVE-2021-42740
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...
CVE-2021-42740
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...
DEBIAN-CVE-2021-42740
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...
CVE-2021-42740
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...
CVE-2021-42740
CVE-2021-42740 affects the shell-quote package for Node.js (pre-1.7.3). The Windows drive-letter regex was {A-z] instead of {A-Za-z], enabling injection of shell metacharacters when unescaped output is passed to a real shell via exec(). Attacks can lead to arbitrary commands execution under the d...