CVE-2021-23422 Information

Description

This affects the package bikeshed before 3.0.0. The issue can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output is included in the HTML output.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://snyk.io/vuln/SNYK-PYTHON-BIKESHED-1537646
https://github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2dd

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.8

Base Severity

HIGH
