CVE-2021-4326

Name of the Vulnerable Software and Affected Versions Imperative framework (affected versions not specified) Zowe CLI (affected versions not specified)

Description A vulnerability in the Imperative framework allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables.

Recommendations For Imperative framework, restrict access to plugin install/update commands to minimize the risk of exploitation. For Zowe CLI, avoid using maliciously formed environment variables until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.