CVE-2021-23422

This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output.
Configurations

Configuration 1 (hide)

cpe:2.3:a:bikeshed_project:bikeshed:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:51

Type Values Removed Values Added
References () https://github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2dd - Patch, Third Party Advisory () https://github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2dd - Patch, Third Party Advisory
References () https://snyk.io/vuln/SNYK-PYTHON-BIKESHED-1537646 - Patch, Third Party Advisory () https://snyk.io/vuln/SNYK-PYTHON-BIKESHED-1537646 - Patch, Third Party Advisory

23 Aug 2021, 19:02

Type Values Removed Values Added
CPE cpe:2.3:a:bikeshed_project:bikeshed:*:*:*:*:*:*:*:*
References (CONFIRM) https://snyk.io/vuln/SNYK-PYTHON-BIKESHED-1537646 - (CONFIRM) https://snyk.io/vuln/SNYK-PYTHON-BIKESHED-1537646 - Patch, Third Party Advisory
References (CONFIRM) https://github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2dd - (CONFIRM) https://github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2dd - Patch, Third Party Advisory
CWE CWE-78
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 7.8

16 Aug 2021, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-08-16 08:15

Updated : 2024-11-21 05:51


NVD link : CVE-2021-23422

Mitre link : CVE-2021-23422

CVE.ORG link : CVE-2021-23422


JSON object : View

Products Affected

bikeshed_project

  • bikeshed
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')