CVE-2021-23420

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:codeception:codeception:*:*:*:*:*:*:*:*
cpe:2.3:a:codeception:codeception:*:*:*:*:*:*:*:*

Information

Published : 2021-08-11 06:15

Updated : 2021-08-19 12:42


NVD link : CVE-2021-23420

Mitre link : CVE-2021-23420


JSON object : View

CWE
CWE-502

Deserialization of Untrusted Data

Advertisement

dedicated server usa

Products Affected

codeception

  • codeception