MISP - Command Injection vulnerability in Opendata export

DATE

29.09.2021

Affected Vendor

CIRCL – Computer Incident Response Center Luxembourg

Affected Product

MISP – Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing – https://www.misp-project.org/

Vulnerable version

2.4.147

Fixed version

2.4.148

CVSS

9.9 Critical CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Recommendations

Update to MISP version 2.4.148

Vulnerability details

A user can inject operating system commands when exporting data in Opendata format.

CVE

CVE-2021-41326

Credits

Dawid Czarnecki

References

https://cvepremium.circl.lu/cve/CVE-2021-41326
https://github.com/MISP/MISP/commit/e36f73947e741bc97320f0c42199acd1a94c7051
https://nvd.nist.gov/vuln/detail/CVE-2021-41326

Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.

Have Any Questions?

MISP – Command Injection vulnerability in Opendata export

NEED A CONSULTATION?

contact@zigrin.com

GPG Key

Get a free consultation