Home > Vulnerability Database > CVE-2021-23422

Mend.io Vulnerability Database

CVE-2021-23422

Good to know:

Date: August 16, 2021

This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output.

Language: Python

Severity Score

7.8

Related Resources (6)

Url: https://github.com/advisories/GHSA-87cj-px37-rc3x

Url: https://github.com/pypa/advisory-database/tree/main/vulns/bikeshed/PYSEC-2021-116.yaml

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-23422

Url: https://github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2dd

Url: https://github.com/tabatkins/bikeshed

Url: https://www.mend.io/vulnerability-database/CVE-2021-23422

Severity Score

7.8

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-78

Top Fix

Upgrade Version

Upgrade to version bikeshed - 3.0.0

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-23422

Good to know:

Date: August 16, 2021

Language: Python

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?