CVE-2021-23422 – bikeshed
Package
Manager: pip
Name: bikeshed
Vulnerable Version: >=0 <3.0.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00203 (percentile: 0.42586)
Details
OS Command Injection in bikeshed. This affects the package bikeshed before 3.0.0. The injection can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output is included in the HTML output.
Metadata
Created: 2021-08-30T16:25:35Z
Modified: 2024-09-04T21:12:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-87cj-px37-rc3x/GHSA-87cj-px37-rc3x.json
CWE IDs: ["CWE-78"]
Alternative ID: GHSA-87cj-px37-rc3x
Finding: F404
Auto approve: 1