Moderate severityNVD Advisory· Published Jan 27, 2021· Updated Nov 19, 2024
CVE-2021-26276
CVE-2021-26276
Description
scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
config-shieldnpm | < 0.2.3 | 0.2.3 |
Affected products
2- GoDaddy/node-config-shielddescription
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-w8h4-vw8f-rvvjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-26276ghsaADVISORY
- advisory.checkmarx.net/advisory/CX-2021-4773ghsax_refsource_MISCWEB
- github.com/godaddy/node-config-shield/commit/cdba5d3a7accd661ffbc52e208153464bd0d9da6ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.