CVE-2021-23055

MEDIUM

NGINX Ingress Controller <2.0.3-1.12.3 - Command Injection

Title source: llm
STIX 2.1

Description

On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References (1)

Core 1
Core References
Mitigation, Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K01051452

Scores

CVSS v3 6.5
EPSS 0.0018
EPSS Percentile 39.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-732
Status published
Products (1)
f5/nginx_ingress_controller 1.0.0 - 1.12.3
Published Apr 21, 2022
Tracked Since Feb 18, 2026