CVE-2021-34084

EPSS 14.7%

OS Command Injection in s3-uploader

Published: 6/3/2022Modified: 11/8/2023

Description

OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function.

Affected packages (1)

npm/s3-uploaderfrom 0, <= 2.0.3

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-34084
PATCHhttps://github.com/Turistforeningen/node-s3-uploader
WEBhttps://advisory.checkmarx.net/advisory/CX-2021-4776