Vulnerability Details CVE-2021-26276
scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.7%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2021-26276
-
cpe:2.3:a:godaddy:node-config-shield:0.2.2