OS Command Injection in bikeshed
High severity
GitHub Reviewed
Published
Aug 30, 2021
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
Aug 16, 2021
Reviewed
Aug 26, 2021
Published to the GitHub Advisory Database
Aug 30, 2021
Last updated
Feb 1, 2023
This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output.
References