Low severityNVD Advisory· Published Feb 22, 2023· Updated Aug 3, 2024
Imperative Local Command Injection allows Activity Masking
CVE-2021-4326
Description
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@zowe/imperativenpm | >= 5.0.0, < 5.7.1 | 5.7.1 |
@zowe/imperativenpm | < 4.18.10 | 4.18.10 |
Affected products
2- Open Mainframe Project/Zowev5Range: 1.16.0
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.