CVE-2021-29300

high-risk
Published 2021-05-24

The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted input.

Do I need to act?

!
44.7% chance of exploitation in next 30 days
EPSS score — higher than 55% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: a2522d7cf6ed54567e6da05c24e4ef8c9b1daab1, 7effe011d4fea8fac7f78c00615e0a6e69af68ec
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Ronomon

References (4)

Exploit https://advisory.checkmarx.net/advisory/CX-2021-4775
Patch https://github.com/ronomon/opened/commit/7effe011d4fea8fac7f78c00615e0a6e69af68e...
Exploit https://advisory.checkmarx.net/advisory/CX-2021-4775
Patch https://github.com/ronomon/opened/commit/7effe011d4fea8fac7f78c00615e0a6e69af68e...
54
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 17/34 · Moderate
Exposure 5/34 · Minimal