Vulnerability Details CVE-2021-23352
This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 79.1%
CVSS Severity
CVSS v3 Score 8.6
CVSS v2 Score 7.5
Products affected by CVE-2021-23352
-
cpe:2.3:a:madge_project:madge:-
-
cpe:2.3:a:madge_project:madge:0.0.1
-
cpe:2.3:a:madge_project:madge:0.0.2
-
cpe:2.3:a:madge_project:madge:0.0.4
-
cpe:2.3:a:madge_project:madge:0.0.5
-
cpe:2.3:a:madge_project:madge:0.1.0
-
cpe:2.3:a:madge_project:madge:0.1.1
-
cpe:2.3:a:madge_project:madge:0.1.2
-
cpe:2.3:a:madge_project:madge:0.1.3
-
cpe:2.3:a:madge_project:madge:0.1.4
-
cpe:2.3:a:madge_project:madge:0.1.5
-
cpe:2.3:a:madge_project:madge:0.1.6
-
cpe:2.3:a:madge_project:madge:0.1.7
-
cpe:2.3:a:madge_project:madge:0.1.8
-
cpe:2.3:a:madge_project:madge:0.1.9
-
cpe:2.3:a:madge_project:madge:0.2.0
-
cpe:2.3:a:madge_project:madge:0.3.0
-
cpe:2.3:a:madge_project:madge:0.3.1
-
cpe:2.3:a:madge_project:madge:0.3.4
-
cpe:2.3:a:madge_project:madge:0.3.5
-
cpe:2.3:a:madge_project:madge:0.4.1
-
cpe:2.3:a:madge_project:madge:0.5.0
-
cpe:2.3:a:madge_project:madge:0.5.1
-
cpe:2.3:a:madge_project:madge:0.5.2
-
cpe:2.3:a:madge_project:madge:0.5.3
-
cpe:2.3:a:madge_project:madge:0.5.4
-
cpe:2.3:a:madge_project:madge:0.5.5
-
cpe:2.3:a:madge_project:madge:0.6.0
-
cpe:2.3:a:madge_project:madge:1.0.0
-
cpe:2.3:a:madge_project:madge:1.1.0
-
cpe:2.3:a:madge_project:madge:1.2.0
-
cpe:2.3:a:madge_project:madge:1.3.0
-
cpe:2.3:a:madge_project:madge:1.3.1
-
cpe:2.3:a:madge_project:madge:1.3.2
-
cpe:2.3:a:madge_project:madge:1.4.0
-
cpe:2.3:a:madge_project:madge:1.4.1
-
cpe:2.3:a:madge_project:madge:1.4.2
-
cpe:2.3:a:madge_project:madge:1.4.3
-
cpe:2.3:a:madge_project:madge:1.4.4
-
cpe:2.3:a:madge_project:madge:1.4.5
-
cpe:2.3:a:madge_project:madge:1.4.6
-
cpe:2.3:a:madge_project:madge:1.5.0
-
cpe:2.3:a:madge_project:madge:1.6.0
-
cpe:2.3:a:madge_project:madge:2.0.0
-
cpe:2.3:a:madge_project:madge:2.1.0
-
cpe:2.3:a:madge_project:madge:2.2.0
-
cpe:2.3:a:madge_project:madge:3.0.0
-
cpe:2.3:a:madge_project:madge:3.0.1
-
cpe:2.3:a:madge_project:madge:3.1.0
-
cpe:2.3:a:madge_project:madge:3.1.1
-
cpe:2.3:a:madge_project:madge:3.10.0
-
cpe:2.3:a:madge_project:madge:3.11.0
-
cpe:2.3:a:madge_project:madge:3.12.0
-
cpe:2.3:a:madge_project:madge:3.2.0
-
cpe:2.3:a:madge_project:madge:3.3.0
-
cpe:2.3:a:madge_project:madge:3.4.0
-
cpe:2.3:a:madge_project:madge:3.4.1
-
cpe:2.3:a:madge_project:madge:3.4.2
-
cpe:2.3:a:madge_project:madge:3.4.3
-
cpe:2.3:a:madge_project:madge:3.4.4
-
cpe:2.3:a:madge_project:madge:3.5.0
-
cpe:2.3:a:madge_project:madge:3.5.1
-
cpe:2.3:a:madge_project:madge:3.6.0
-
cpe:2.3:a:madge_project:madge:3.7.0
-
cpe:2.3:a:madge_project:madge:3.8.0
-
cpe:2.3:a:madge_project:madge:3.9.0
-
cpe:2.3:a:madge_project:madge:3.9.1
-
cpe:2.3:a:madge_project:madge:3.9.2
-
cpe:2.3:a:madge_project:madge:4.0.0