CVE-2021-21348

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2021-21348 is a security vulnerability that affects the popular open-source software package manager npm. It was discovered in February 2021, and a patch was released shortly after. The vulnerability allows an attacker to execute arbitrary code on a user's system by tricking them into installing a malicious package. This could potentially lead to complete control of the victim's machine, data theft, and other harmful actions. The vulnerability is caused by a flaw in the way npm handles scripts that are included in a package's metadata. Specifically, it allows an attacker to inject arbitrary commands into a package's "preinstall" script, which is executed before the package is installed on the user's system. By doing so, an attacker could execute arbitrary code with the privileges of the user running the install command. In response to the discovery of the vulnerability, the npm maintainers quickly released a patch and advised all users to upgrade to a version of npm that includes the fix. Users should also be cautious when installing packages from untrusted sources and verify the integrity of any packages they download. While there have been no reports of this vulnerability being exploited in the wild, it is important for users to take steps to protect themselves and keep their systems secure.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CVE-2021-21348 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
Multiple vulnerabilities in IBM Security Verify Governance