Zowe CLI · CVE-2021-4326
**Name of the Vulnerable Software and Affected Versions**
Imperative framework (affected versions not specified)
Zowe CLI (affected versions not specified)
**Description**
A vulnerability in the Imperative framework allows already-privileged local actors to execute arbitrary shell commands through the plugin install/update commands or through maliciously formed environment variables.
**Recommendations**
For the Imperative framework, restrict access to the plugin install/update commands to minimize the risk of exploitation.
For Zowe CLI, avoid running it with maliciously formed environment variables until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.