CVE-2021-29300

Sažetak

The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted input.

Reference

https://advisory.checkmarx.net/advisory/CX-2021-4775
https://github.com/ronomon/opened/commit/7effe011d4fea8fac7f78c00615e0a6e69af68ec

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

28-06-2022 - 14:11

Objavljeno

24-05-2021 - 16:15