CVE-2021-29369
Code injection in @rkesters/gnuplot
9.8 CRITICAL (CVSS 3.1), EPSS 1.1%
Description
@rkesters/gnuplot is an easy-to-use Node module for drawing charts using gnuplot and ps2pdf. The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands.
How to fix CVE-2021-29369
To remediate CVE-2021-29369, upgrade the affected package to a fixed version below.
- npm/@rkesters/gnuplot: upgrade to 0.1.1 or later
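To confirm the upgrade reached every copy in a dependency tree, including nested ones, the following added example (not part of the advisory or the package) scans a parsed npm lockfile for installs below the fixed version. It assumes npm's `package-lock.json` layout; the sample lockfile and the `report-tool` dependency name are constructed for illustration.

```javascript
// Added example: flag installs of the advisory's package below the fixed version.
const PKG = "@rkesters/gnuplot"; // package named in the advisory
const FIXED = "0.1.1";           // first fixed version per the advisory

// Parse "x.y.z[-pre]" into numeric core parts plus a pre-release flag.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  return m ? { core: m.slice(1, 4).map(Number), pre: Boolean(m[4]) } : null;
}

// True when version < FIXED. Unparsable values (git URLs, tarballs) are
// reported as affected so they get a manual look instead of a silent pass.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return true;
  const fixed = parseVersion(FIXED).core;
  for (let i = 0; i < 3; i++) {
    if (v.core[i] !== fixed[i]) return v.core[i] < fixed[i];
  }
  return v.pre; // 0.1.1-beta sorts before 0.1.1
}

// Accepts a parsed lockfile: v2/v3 use a flat "packages" map keyed by install
// path, v1 uses nested "dependencies". Returns [{ path, version }].
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/" + PKG) && !meta.link && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === PKG && isAffected(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, path + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, ""); // v1 only, avoids double counting
  return hits;
}

// Constructed sample: top-level copy is fixed, a nested copy is not.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/@rkesters/gnuplot": { version: "0.1.1" },
  "node_modules/report-tool/node_modules/@rkesters/gnuplot": { version: "0.0.3" },
} };
console.log(findAffected(SAMPLE_LOCK));
```

For a real project, pass `JSON.parse` of the contents of `package-lock.json` to `findAffected` and fail the build when the result is non-empty.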
Is CVE-2021-29369 being exploited?
Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- npm/@rkesters/gnuplot: from 0, < 0.1.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |