Vulnerability Description
This vulnerability affects the package bikeshed before 3.0.0. It can be triggered when an untrusted source file containing Inline Tag Command metadata is processed: an arbitrary OS command is executed, and the command's output is included in the generated HTML output.
CVSS Score
7.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bikeshed Project | Bikeshed | < 3.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb (Patch, Third Party Advisory)
- https://snyk.io/vuln/SNYK-PYTHON-BIKESHED-1537646 (Patch, Third Party Advisory)
FAQ
What is CVE-2021-23422?
CVE-2021-23422 is a vulnerability with a CVSS score of 7.8 (HIGH). This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command ...
How severe is CVE-2021-23422?
CVE-2021-23422 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS score above for the severity rating.
Is there a patch for CVE-2021-23422?
Check the references section above for vendor advisories and patch information. Affected products include: Bikeshed Project Bikeshed.