An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source.
References
Link | Resource |
---|---|
https://blog.sonarsource.com/etherpad-code-execution-vulnerabilities | Exploit Third Party Advisory |
https://github.com/ether/etherpad-lite/releases | Release Notes Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-07-21T18:02:01
Updated: 2021-07-21T18:02:01
Reserved: 2021-06-17T00:00:00
Link: CVE-2021-34816
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-07-21T18:15:09.733
Modified: 2021-07-30T15:22:21.557
Link: CVE-2021-34816
JSON object: View
Redhat Information
No data.
CWE