Vulnerability Description
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bloodhound Project | Bloodhound | <= 4.0.1 |
Related Weaknesses (CWE)
References
- https://github.com/BloodHoundAD/BloodHound/blob/338e197dc4b7a1ee929c335141172adaExploitThird Party Advisory
- https://github.com/BloodHoundAD/BloodHound/blob/338e197dc4b7a1ee929c335141172adaExploitThird Party Advisory
- https://github.com/BloodHoundAD/BloodHound/issues/338ExploitIssue TrackingThird Party Advisory
- https://github.com/BloodHoundAD/BloodHound/blob/338e197dc4b7a1ee929c335141172adaExploitThird Party Advisory
- https://github.com/BloodHoundAD/BloodHound/blob/338e197dc4b7a1ee929c335141172adaExploitThird Party Advisory
- https://github.com/BloodHoundAD/BloodHound/issues/338ExploitIssue TrackingThird Party Advisory
FAQ
What is CVE-2021-3210?
CVE-2021-3210 is a vulnerability with a CVSS score of 9.6 (CRITICAL). components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaS...
How severe is CVE-2021-3210?
CVE-2021-3210 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-3210?
Check the references section above for vendor advisories and patch information. Affected products include: Bloodhound Project Bloodhound.