VYPR
Unrated severityNVD Advisory· Published Aug 18, 2022· Updated Aug 3, 2024

CVE-2021-30070

CVE-2021-30070

Description

An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Hestiacp/Hestiacpcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <1.3.5

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.