CVE-2021-4326

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-4326

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-4326.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-4326

Aliases

GHSA-6q8m-42qq-64r7

Published

2023-03-01T08:15:10.187Z

Modified

2026-03-14T11:16:01.536843Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI.

References

https://github.com/zowe/imperative/

Affected packages

Git / github.com/zowe/api-layer

Affected ranges

Type

GIT

Repo

https://github.com/zowe/api-layer

Events

Introduced

66a791de87e42717282d82616ddb09ba1442e7cd

Fixed

8651756f8ad6ff1b71cd7fd621a285a3c123cf30

Introduced

e9450a009fe42265526cd617cf993ead73fd028e

Fixed

77ed996de9da96dd28175509f700b71c05116f02

Database specific

{
    "versions": [
        {
            "introduced": "1.16.0"
        },
        {
            "fixed": "1.28.2"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.5.0"
        }
    ]
}

Affected versions

Zowe_1.*

Zowe_1.16.0

Zowe_1.17.0

Zowe_1.18.0

Zowe_1.19.0

Zowe_1.20.0

Zowe_1.21.1

Zowe_1.22.0

Zowe_1.23.0

Zowe_1.24.0

Zowe_1.25.0

Zowe_1.26.0

Zowe_1.27.0

Zowe_1.28.0

Zowe_2.*

Zowe_2.0.0

Zowe_2.1.0

Zowe_2.2.0

Zowe_2.3.0

Zowe_2.3.1

Zowe_2.4.0

v0.*

v0.0.25

v1.*

v1.16.0

v1.17.0

v1.17.1

v1.18.0

v1.18.1

v1.19.0

v1.19.1

v1.19.2

v1.20.0

v1.20.1

v1.20.10

v1.20.14

v1.20.15

v1.20.16

v1.20.18

v1.20.19

v1.21.10

v1.21.11

v1.21.12

v1.21.13

v1.21.2

v1.21.3

v1.21.4

v1.21.5

v1.21.6

v1.21.8

v1.21.9

v1.22.0

v1.22.1

v1.22.2

v1.22.3

v1.22.4

v1.23.0

v1.23.1

v1.23.2

v1.23.3

v1.23.4

v1.23.5

v1.23.6

v1.23.7

v1.23.8

v1.24.0

v1.24.2

v1.24.3

v1.24.4

v1.24.5

v1.24.6

v1.24.7

v1.25.0

v1.25.1

v1.25.2

v1.25.3

v1.25.4

v1.25.5

v1.25.6

v1.25.7

v1.26.0

v1.26.1

v1.26.13

v1.26.15

v1.26.16

v1.26.17

v1.26.18

v1.26.19

v1.26.2

v1.26.20

v1.26.3

v1.26.4

v1.26.5

v1.26.6

v1.26.7

v1.26.8

v1.26.9

v1.27.11

v1.27.13

v1.27.15

v1.27.16

v1.27.17

v1.27.18

v1.27.19

v1.27.2

v1.27.20

v1.27.21

v1.27.22

v1.27.23

v1.27.24

v1.27.25

v1.27.26

v1.27.3

v1.27.4

v1.27.5

v1.28.0

v1.28.1

v2.*

v2.0.3

v2.0.7

v2.0.8

v2.0.9

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.2.0

v2.2.1

v2.2.2

v2.2.3

v2.2.4

v2.3.0

v2.3.1

v2.3.2

v2.3.3

v2.3.4

v2.3.5

v2.3.6

v2.3.7

v2.4.0

v2.4.1

v2.4.10

v2.4.11

v2.4.12

v2.4.13

v2.4.14

v2.4.15

v2.4.16

v2.4.17

v2.4.18

v2.4.19

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.4.7

v2.4.8

v2.4.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-4326.json"