CVE-2021-23422
PUBLISHED
This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output.
Risk Scores
EPSS Score
0.20%
42.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | bikeshed | 1.72-0ubuntu1, 0, 1.71-0ubuntu1 |
| Ubuntu:16.04:LTS | bikeshed | 1.62-0ubuntu1, 1.65-0ubuntu1, 1.60-0ubuntu1 |
| Ubuntu:25.10 | bikeshed | 0, 1.78-0ubuntu1 |
| Ubuntu:24.04:LTS | bikeshed | 1.78-0ubuntu1, 0 |
| Ubuntu:20.04:LTS | bikeshed | 0, 1.78-0ubuntu1 |
| Ubuntu:22.04:LTS | bikeshed | 0, 1.78-0ubuntu1 |
Timeline
- Aug 16, 2021 EPSS Score
- Aug 16, 2021 CVE Published
- Oct 14, 2021 EPSS Score
- Dec 11, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 8, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 7, 2022 EPSS Score
- Jun 5, 2022 EPSS Score
- Aug 3, 2022 EPSS Score
- Oct 1, 2022 EPSS Score
- Nov 28, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-23422 third-party-advisory
- https://snyk.io/vuln/SNYK-PYTHON-BIKESHED-1537646 third-party-advisory
- https://github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2dd third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-23422 third-party-advisory