CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-32830

The @diez/generation npm package is a client for Diez. The locateFont method of @diez/generation has a command injection vulnerability. Clients of the @diez/generation library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. All versions of this package are vulnerable as of the writing of this CVE.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 42.6%

CVSS Severity

CVSS v3 Score 3.9

CVSS v2 Score 6.8

References

https://github.com/diez/diez
https://securitylab.github.com/advisories/GHSL-2021-061-diez-generation-cmd-injection/
https://www.npmjs.com/package/%40diez/generation
https://github.com/diez/diez
https://securitylab.github.com/advisories/GHSL-2021-061-diez-generation-cmd-injection/
https://www.npmjs.com/package/%40diez/generation

Products affected by CVE-2021-32830

Haikuforteams » Diez » Version: N/A

cpe:2.3:a:haikuforteams:diez:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-32830

Products

Pricing

Contact Us