Vulnerability CVE-2021-22204


Published: 2021-04-23

Description:
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

In our database, we found the following advisories for this CVE:

|  | Title | Author | Date |
| --- | --- | --- | --- |
| Med. | ExifTool DjVu ANT Perl Injection | Justin Steven | 15.05.2021 |
| High | GitLab Unauthenticated Remote ExifTool Command Injection | William Bowling | 05.11.2021 |
| High | GitLab 13.10.2 Remote Code Execution (RCE) (Unauthenticated) | Jacob Baines | 17.11.2021 |
| High | ExifTool 12.23 Arbitrary Code Execution | UNICORD | 11.05.2022 |

Type:

CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'))

References:
https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800
https://hackerone.com/reports/1154542
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json
