CVE-2021-33191
- Source
- https://cve.org/CVERecord?id=CVE-2021-33191
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33191.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-33191
- Published
- 2021-08-24T12:15:07.307Z
- Modified
- 2026-04-11T16:25:56.286947Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command is then executed using the same privileges as the application binary. This was addressed in version 0.10.0
- References
Affected packages
Git / github.com/apache/nifi-minifi-cpp
Affected versions
0.*
0.8.0
minifi-cpp-0.*
minifi-cpp-0.10.0-RC1
minifi-cpp-0.5.0-RC1
minifi-cpp-0.6.0-RC1
minifi-cpp-0.6.0-RC2
minifi-cpp-0.9.0-RC1
minifi-cpp-0.9.0-RC2
rel/minifi-cpp-0.*
rel/minifi-cpp-0.5.0
rel/minifi-cpp-0.6.0
rel/minifi-cpp-0.7.0
rel/minifi-cpp-0.9.0
v0.*
v0.8.0
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33191.json"
vanir_signatures_modified
"2026-04-11T16:25:56Z"
vanir_signatures
[
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"45581895519790946967250934562794875588",
"151016016327297584032057121163926636646",
"314908982928140470750857460926719267199",
"71341333786924621204946705680210143174",
"165719634024667977330940939728857333604",
"58973793916061874377499866973162585776",
"108892000830333068251978432811287265972",
"222682067134033337532989291225059412978",
"163886782563618303836103696975440619181",
"7948864718235082529724167424159538356",
"297736869567078051706616618477156666104",
"69642665677732161563076330047730367423",
"288244144923987386073789665914435222895",
"128848792111861270091895155091947350850",
"310609493758370830077401134566376271985",
"8007616920979349810866771208826984492",
"168392778831125291627255422628557502781",
"142112813547317268413875778366731100513",
"114330525453235516346615848320167322001",
"305086334053146969892002765278238048607",
"134719923705061201848279200159970325350",
"88758680868365217704459493958203591983",
"186199130704259739002793895182956688628",
"87491922719095050720150518425708046105",
"13693550200388959513630470151773926784",
"252350572943124561884482201671065231626",
"113773837267095747133581535873427460951",
"297768142834184905768806633564275138266",
"245257710182673518899518098109815329678",
"146218506966919159475019630358227722130",
"308131536253435157437539162032057064648",
"126283221487650246209534056886867358813",
"271576129515329509902152319179203951508",
"6924368914659256471682406321478732305"
]
},
"source": "https://github.com/apache/nifi-minifi-cpp/commit/60d5bc70b567fa7c6689f313a75be17fe7c94080",
"id": "CVE-2021-33191-b4fa8fd1",
"signature_type": "Line",
"target": {
"file": "extensions/librdkafka/tests/ConsumeKafkaTests.cpp"
}
}
]