CVE-2021-23154

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-23154

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23154.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-23154

Published

2022-01-10T16:15:08.410Z

Modified

2026-04-10T04:51:41.735316Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system.

References

https://github.com/Mirantis/security/blob/main/advisories/0003.md

Affected packages

Git / github.com/lensapp/lens

Affected ranges

Type

GIT

Repo

https://github.com/lensapp/lens

Events

Introduced

Last affected

c651fc1b428fbaaa72edbcf8cdc550b29252a336

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.3.3"
        }
    ]
}

Affected versions

v2.*

v2.7.0

v3.*

v3.0.0

v3.0.0-rc.1

v3.0.0-rc.2

v3.0.0-rc.3

v3.0.1

v3.1.0-beta.1

v3.6.5-rc.1

v4.*

v4.2.0-beta.1

v5.*

v5.0.0-beta.1

v5.3.0

v5.3.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23154.json"