Security Advisory

CVE-2021-23420

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-08-11 12:15:12
Last updated 2024-09-16 17:33:12
Assigner snyk
State PUBLISHED

Description

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation.