Moderate severityNVD Advisory· Published May 11, 2022· Updated Aug 4, 2024
CVE-2021-42648
CVE-2021-42648
Description
Cross-site scripting (XSS) vulnerability exists in Coder Code-Server before 3.12.0, allows attackers to execute arbitrary code via crafted URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
code-servernpm | < 3.12.0 | 3.12.0 |
Affected products
6- osv-coords5 versionspkg:apk/chainguard/code-serverpkg:apk/chainguard/code-server-compatpkg:apk/wolfi/code-serverpkg:apk/wolfi/code-server-compatpkg:npm/code-server
< 0+ 4 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 3.12.0
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-2gp3-6c9p-jp7wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-42648ghsaADVISORY
- github.com/cdr/code-server/issues/4355ghsax_refsource_MISCWEB
- github.com/coder/code-server/pull/4430ghsaWEB
News mentions
0No linked articles in our index yet.