CVE-2021-42561

An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows attackers to use shell metacharacters (e.g., backticks "``" or dollar parenthesis "$()" ) in order to escape the current command and execute arbitrary shell commands.
Configurations

Configuration 1

cpe:2.3:a:mitre:caldera:*:*:*:*:*:*:*:*

Information

Published : 2022-01-12 07:15

Updated : 2022-07-12 05:42


NVD link : CVE-2021-42561

Mitre link : CVE-2021-42561

Products Affected
No products.
CWE