CVE-2021-34084

EPSS 14.7%

OS Command Injection in s3-uploader

發布日:2022/6/3修改日:2023/11/8

描述

OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function.

受影響套件(1)

npm/s3-uploaderfrom 0, <= 2.0.3

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-34084
PATCHhttps://github.com/Turistforeningen/node-s3-uploader
WEBhttps://advisory.checkmarx.net/advisory/CX-2021-4776