CyberSec.Space Logo
Back to CVE Browser

CVE-2021-23352

HIGH
8.6
CVSS Severity Score
EPSS Score0.0400%
EPSS Percentile17.50th
PublishedMar 9, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.

Affected Platforms (CPE)

πŸ“¦
Madge Project

Madge

< 4.0.1

References & Advisories

πŸ”— https://github.com/pahen/madge/blob/master/lib/graph.js%23L27
πŸ”— https://github.com/pahen/madge/commit/da5cbc9ab30372d687fa7c324b22af7ffa5c6332
πŸ”— https://snyk.io/vuln/SNYK-JS-MADGE-1082875
πŸ”— https://github.com/pahen/madge/blob/master/lib/graph.js%23L27
πŸ”— https://github.com/pahen/madge/commit/da5cbc9ab30372d687fa7c324b22af7ffa5c6332
πŸ”— https://snyk.io/vuln/SNYK-JS-MADGE-1082875

Related Vulnerabilities

CVE-2021-217710.0

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version tha...

CVE-2021-224410.0

Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI) and Essbase Analytic Provide...

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

CVE-2021-224810.0

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that...