CVE-2021-30070
on github
Published
Severity
CVSS v3:
7.5 HIGH
CVSS v2:
N/A
Description
An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:hestiacp:hestiacp:*:*:*:*:*:*:*:* | n/a | 1.3.5 | * |