Lucene search
+L

11 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2021-42740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to...

9.8CVSS7.7AI score0.0434EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 p.m.6 views

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS7.2AI score0.0434EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/27 8:31 p.m.113 views

Security Bulletin: IBM Planning Analytics Workspace has addressed multiple vulnerabilities

Summary IBM Planning Analytics Workspace is considered vulnerable to a Malicious File Upload vulnerability which could allow a privileged user to upload malicious files that can be automatically processed within the product CVE-2023-42017. This vulnerability has been addressed. IBM Planning...

9.8CVSS10AI score0.0434EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 5:19 p.m.78 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

9.8CVSS9.8AI score0.05299EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/22 9:27 a.m.34 views

Security Bulletin: A security vulnerability in Node.js shell-quote affects IBM Cloud Pak for Multicloud Management Managed Services [CVE-2021-42740]

Summary A security vulnerability in Node.js shell-quote affects IBM Cloud Pak for Multicloud Management Managed Services CVE-2021-42740, the fix removes Node.js shell-quote Vulnerability Details CVEID:CVE-2021-42740 DESCRIPTION: Node.js shell-quote module could allow a remote attacker to execute...

9.8CVSS9.7AI score0.0434EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/24 7:18 p.m.5 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +16075 more potentially affected by CVE-2021-42740 via shell-quote (>=1.6.3 <=1.7.2)

shell-quote NPM version =1.6.3, =1.0.1, =1.1.0 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 - 0xgank-tea-characteristic =1.0.0 - 0xgank-tea-child-eveni...

9.8CVSS7.1AI score0.0434EPSS
Exploits0
OSV
OSV
added 2021/10/21 3:15 p.m.9 views

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS9.7AI score
Exploits0References3
NVD
NVD
added 2021/10/21 3:15 p.m.16 views

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS0.0434EPSS
Exploits0References3
OSV
OSV
added 2021/10/21 3:15 p.m.2 views

DEBIAN-CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS7.8AI score0.0434EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2021/10/21 3:15 p.m.103 views

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS7.2AI score0.0434EPSS
Exploits0References4
CVE
CVE
added 2021/10/21 2:46 p.m.131 views

CVE-2021-42740

CVE-2021-42740 affects the shell-quote package for Node.js (pre-1.7.3). The Windows drive-letter regex was {A-z] instead of {A-Za-z], enabling injection of shell metacharacters when unescaped output is passed to a real shell via exec(). Attacks can lead to arbitrary commands execution under the d...

9.8CVSS9.5AI score0.0434EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder