CVE-2021-30070

Published: Aug 18, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/hestiacp/hestiacp/commit/9a1fccd37f2842fdf96ffb48895c4bfa9788c469

x_refsource_MISC

https://github.com/hestiacp/hestiacp/commit/27556a9a43aeaf308b33be224c2e70f2011574e6

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-30070

Description

Affected Products

References