CVE-2021-23420

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:codeception:codeception:*:*:*:*:*:*:*:*
cpe:2.3:a:codeception:codeception:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-08-11 13:15

Updated : 2024-02-28 18:28


NVD link : CVE-2021-23420

Mitre link : CVE-2021-23420

CVE.ORG link : CVE-2021-23420


JSON object : View

Products Affected

codeception

  • codeception
CWE
CWE-502

Deserialization of Untrusted Data