components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter.
References
Link | Resource |
---|---|
https://github.com/BloodHoundAD/BloodHound/blob/338e197dc4b7a1ee929c335141172ada5bc80800/src/components/Modals/HelpModal.jsx#L57 | Exploit Third Party Advisory |
https://github.com/BloodHoundAD/BloodHound/blob/338e197dc4b7a1ee929c335141172ada5bc80800/src/components/Modals/HelpTexts/GenericAll/GenericAll.jsx#L31-L37 | Exploit Third Party Advisory |
https://github.com/BloodHoundAD/BloodHound/issues/338 | Exploit Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-02-19T13:06:42
Updated: 2021-02-19T13:06:42
Reserved: 2021-01-22T00:00:00
Link: CVE-2021-3210
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-02-19T14:15:12.573
Modified: 2021-02-25T22:11:35.697
Link: CVE-2021-3210
JSON object: View
Redhat Information
No data.
CWE