This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output.
References
Link | Resource |
---|---|
https://github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2dd | Patch Third Party Advisory |
https://snyk.io/vuln/SNYK-PYTHON-BIKESHED-1537646 | Patch Third Party Advisory |
https://github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2dd | Patch Third Party Advisory |
https://snyk.io/vuln/SNYK-PYTHON-BIKESHED-1537646 | Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 05:51
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2dd - Patch, Third Party Advisory | |
References | () https://snyk.io/vuln/SNYK-PYTHON-BIKESHED-1537646 - Patch, Third Party Advisory |
23 Aug 2021, 19:02
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:bikeshed_project:bikeshed:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://snyk.io/vuln/SNYK-PYTHON-BIKESHED-1537646 - Patch, Third Party Advisory | |
References | (CONFIRM) https://github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2dd - Patch, Third Party Advisory | |
CWE | CWE-78 | |
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 7.8 |
16 Aug 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-16 08:15
Updated : 2024-11-21 05:51
NVD link : CVE-2021-23422
Mitre link : CVE-2021-23422
CVE.ORG link : CVE-2021-23422
JSON object : View
Products Affected
bikeshed_project
- bikeshed
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')