High severity7.8NVD Advisory· Published Aug 16, 2021· Updated Jun 17, 2026
CVE-2021-23422
CVE-2021-23422
Description
This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
bikeshedPyPI | < 3.0.0 | 3.0.0 |
Affected products
1Patches
Vulnerability mechanics
References
5- github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2ddnvdPatchThird Party AdvisoryWEB
- snyk.io/vuln/SNYK-PYTHON-BIKESHED-1537646nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-87cj-px37-rc3xghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-23422ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/bikeshed/PYSEC-2021-116.yamlghsaWEB
News mentions
0No linked articles in our index yet.