CVE-2021-29369
CRITICAL
gnuplot < 0.1.0 - OS Command Injection via Gnuplot Commands
Title source: llm
Description
The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands.
References (2)
Core References
Various Sources x_refsource_misc
https://www.npmjs.com/package/%40rkesters/gnuplot
Patch, Third Party Advisory x_refsource_misc
https://github.com/rkesters/gnuplot/commit/23671d4d3d28570fb19a936a6328bfac742410de
Scores
CVSS v3
9.8
EPSS
0.0178
EPSS Percentile
75.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (2)
gnuplot_project/gnuplot
< 0.1.0
rkesters/gnuplot
0 - 0.1.1 (npm)
Published
May 03, 2021
Tracked Since
Feb 18, 2026