CVE-2021-29300

CRITICAL

@ronomon/opened < 1.5.2 - OS Command Injection via Untrusted Input

Title source: llm

Description

The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted input.

References (2)

Core 2

Core References

Patch, Third Party Advisory x_refsource_confirm

https://github.com/ronomon/opened/commit/7effe011d4fea8fac7f78c00615e0a6e69af68ec

View Patch ZIP pw:eip

Exploit, Third Party Advisory x_refsource_misc

https://advisory.checkmarx.net/advisory/CX-2021-4775

Scores

CVSS v3 9.8

EPSS 0.0451

EPSS Percentile 90.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (2)

ronomon/opened < 1.5.2

ronomon/opened 0 - 1.5.2npm

Published May 24, 2021

Tracked Since Feb 18, 2026