VYPR
High severity7.7OSV Advisory· Published Aug 11, 2021· Updated Jun 17, 2026

CVE-2021-23420

CVE-2021-23420

Description

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
codeception/codeceptionPackagist
< 3.1.33.1.3
codeception/codeceptionPackagist
>= 4.0.0, < 4.1.224.1.22

Affected products

2

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.