CVE-2021-4326 Vulnerability in npm package @zowe/imperative

Description

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI.

Remediation

References

https://github.com/zowe/imperative/

Related Vulnerabilities

CVE-2023-37263 Vulnerability in npm package @strapi/plugin-content-manager

CVE-2023-45818 Vulnerability in maven package org.webjars.npm:tinymce

CVE-2022-37423 Vulnerability in maven package org.neo4j.procedure:apoc

CVE-2023-44794 Vulnerability in maven package cn.dev33:sa-token-core

CVE-2019-19771 Vulnerability in npm package bitcoin-osp

Severity

High

Classification

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H