VYPR
High severity8.8NVD Advisory· Published Jan 12, 2022· Updated Jun 17, 2026

CVE-2021-42561

CVE-2021-42561

Description

An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows attackers to use shell metacharacters (e.g., backticks "``" or dollar parenthesis "$()" ) in order to escape the current command and execute arbitrary shell commands.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • CALDERA/CALDERAdescription
  • Mitre/Calderallm-fuzzy
    Range: =2.8.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.