Refine your search
1 vulnerability found for aops-ceres by openEuler
CVE-2021-33633 (GCVE-0-2021-33633)
Vulnerability from cvelistv5
Published
2024-03-23 11:29
Modified
2024-08-12 18:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated with program files ceres/function/util.Py.
This issue affects aops-ceres: from 1.3.0 through 1.4.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| openEuler | aops-ceres |
Version: 1.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:21.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1159"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitee.com/src-openeuler/aops-ceres/pulls/159"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitee.com/src-openeuler/aops-ceres/pulls/158"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openeuler:aops-zeus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "aops-zeus",
"vendor": "openeuler",
"versions": [
{
"lessThanOrEqual": "1.4.1",
"status": "affected",
"version": "1.3.0",
"versionType": "git"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-33633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-01T19:34:09.616801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T18:42:35.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://gitee.com/src-openeuler",
"defaultStatus": "unaffected",
"modules": [
"ceres"
],
"packageName": "aops-ceres",
"platforms": [
"Linux"
],
"product": "aops-ceres",
"programFiles": [
"https://gitee.com/openeuler/aops-ceres/blob/master/ceres/function/util.py"
],
"repo": "https://gitee.com/src-openeuler/aops-ceres",
"vendor": "openEuler",
"versions": [
{
"changes": [
{
"at": "261133e1d33ed24fedc775e426740dc749108310",
"status": "unaffected"
},
{
"at": "6aa4bd6c9e8cda79856343d9573170e85081a44d",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.4.1",
"status": "affected",
"version": "1.3.0",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in openEuler aops-ceres on Linux allows Command Injection.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003eceres/function/util.Py\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects aops-ceres: from 1.3.0 through 1.4.1.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated with program files ceres/function/util.Py.\n\nThis issue affects aops-ceres: from 1.3.0 through 1.4.1.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-23T11:29:44.343Z",
"orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"shortName": "openEuler"
},
"references": [
{
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1159"
},
{
"url": "https://gitee.com/src-openeuler/aops-ceres/pulls/159"
},
{
"url": "https://gitee.com/src-openeuler/aops-ceres/pulls/158"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection in aops-ceres",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
"assignerShortName": "openEuler",
"cveId": "CVE-2021-33633",
"datePublished": "2024-03-23T11:29:44.343Z",
"dateReserved": "2021-05-28T14:26:05.941Z",
"dateUpdated": "2024-08-12T18:42:35.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}