CVE-2021-23380 Vulnerability Details

  /     /     /  

CVE-2021-23380 Metadata Quick Info

CVE Published: 18/04/2021 | CVE Updated: 16/09/2024 | CVE Year: 2021
Source: snyk | Vendor: n/a | Product: roar-pidusage
Status : PUBLISHED

---

CVE-2021-23380 Description

This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.

Metrics

CVSS Version: 3.1 | Base Score: 5.6 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Arbitrary Command Injection
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).