Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2021-23352

This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.

Related bugs and status

CVE-2021-23352 (Candidate) is related to these bugs:

Bug #1991839: [MIR] Promote ruby-childprocess as a pcs dependency

Summary				In	Importance	Status
	1991839	[MIR] Promote ruby-childprocess as a pcs dependency		ruby-childprocess (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/pah...
MISC: https://github.com/pah...
MISC: https://snyk.io/vuln/S...