Vulnerability Details CVE-2021-27185
The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.112
EPSS Ranking 93.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://advisory.checkmarx.net/advisory/CX-2021-4302
- https://github.com/eflexsystems/node-samba-client/commit/5bc3bbad9b8d02243bc861a11ec73f788fbb1235
- https://github.com/eflexsystems/node-samba-client/releases/tag/4.0.0
- https://security.netapp.com/advisory/ntap-20210319-0002/
- https://www.npmjs.com/package/samba-client
- https://advisory.checkmarx.net/advisory/CX-2021-4302
- https://github.com/eflexsystems/node-samba-client/commit/5bc3bbad9b8d02243bc861a11ec73f788fbb1235
- https://github.com/eflexsystems/node-samba-client/releases/tag/4.0.0
- https://security.netapp.com/advisory/ntap-20210319-0002/
- https://www.npmjs.com/package/samba-client
Products affected by CVE-2021-27185
-
cpe:2.3:a:samba-client_project:samba-client:1.0.0
-
cpe:2.3:a:samba-client_project:samba-client:1.0.1
-
cpe:2.3:a:samba-client_project:samba-client:1.0.2
-
cpe:2.3:a:samba-client_project:samba-client:1.0.3
-
cpe:2.3:a:samba-client_project:samba-client:1.1.0
-
cpe:2.3:a:samba-client_project:samba-client:1.1.1
-
cpe:2.3:a:samba-client_project:samba-client:1.2.0
-
cpe:2.3:a:samba-client_project:samba-client:1.3.0
-
cpe:2.3:a:samba-client_project:samba-client:1.3.1
-
cpe:2.3:a:samba-client_project:samba-client:1.3.2
-
cpe:2.3:a:samba-client_project:samba-client:1.3.3
-
cpe:2.3:a:samba-client_project:samba-client:1.4.0
-
cpe:2.3:a:samba-client_project:samba-client:1.5.0
-
cpe:2.3:a:samba-client_project:samba-client:2.0.0
-
cpe:2.3:a:samba-client_project:samba-client:2.1.0
-
cpe:2.3:a:samba-client_project:samba-client:3.0.0
-
cpe:2.3:a:samba-client_project:samba-client:3.1.0
-
cpe:2.3:a:samba-client_project:samba-client:3.1.1
-
cpe:2.3:a:samba-client_project:samba-client:3.2.0
-
cpe:2.3:a:samba-client_project:samba-client:3.3.0
-
cpe:2.3:a:samba-client_project:samba-client:3.4.0