CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-23352

HIGH
8.6
CVSS Severity Score
EPSS Score0.0400%
EPSS Percentile17.50th
Published2021年3月9日
Last Modified2024年11月21日

Vulnerability Description

This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.

Affected Platforms (CPE)

📦
Madge Project

Madge

< 4.0.1

References & Advisories

🔗 https://github.com/pahen/madge/blob/master/lib/graph.js%23L27
🔗 https://github.com/pahen/madge/commit/da5cbc9ab30372d687fa7c324b22af7ffa5c6332
🔗 https://snyk.io/vuln/SNYK-JS-MADGE-1082875
🔗 https://github.com/pahen/madge/blob/master/lib/graph.js%23L27
🔗 https://github.com/pahen/madge/commit/da5cbc9ab30372d687fa7c324b22af7ffa5c6332
🔗 https://snyk.io/vuln/SNYK-JS-MADGE-1082875

相关漏洞威胁

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

CVE-2021-021110.0

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon ...

CVE-2021-4155610.0

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to ...

CVE-2021-2124310.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deser...