CVE-2021-34082

CRITICAL

9.8

Descricao

OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado6/2/2022

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

proctree_project:proctree

Fraquezas (CWE)

CWE-78

Referencias

https://advisory.checkmarx.net/advisory/CX-2021-4783(cve@mitre.org)

https://github.com/allenhwkim/proctree/blob/master/index.js#L46(cve@mitre.org)

https://advisory.checkmarx.net/advisory/CX-2021-4783(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/allenhwkim/proctree/blob/master/index.js#L46(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.