PT-2021-22430 · Cachet · Cachet

Thomas Chauchefoin · Published 2021-08-27 · Updated 2022-12-13

CVE-2021-39172

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cachet versions prior to 2.5.1

Description: Cachet is an open source status page system. Authenticated users, regardless of their privileges, can exploit a newline injection in the configuration editing feature and gain arbitrary code execution on the server. The issue was addressed by improving UpdateConfigCommandHandler so that new configuration values may not contain newline characters.

Recommendations: For versions prior to 2.5.1, update to version 2.5.1. As a temporary workaround, only allow trusted source IP addresses to access the administration dashboard; because any authenticated user can trigger the issue, the restriction must apply to every account, not only administrators.
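The newline-injection primitive described above, as an added example written for this page (it is not Cachet's own code): a simplified Python model of a Laravel-style `.env` writer, assumed here to rewrite one `KEY=value` line per setting, shown in its unvalidated form beside a hardened form that rejects multi-line values. The sample file, the `MAIL_HOST` setting and the injected `APP_DEBUG` variable are constructed for illustration; which configuration variable turns this primitive into code execution is not stated on this page.

```python
import re

# Constructed sample configuration file, modelled on a Laravel-style .env
# (one KEY=value pair per line). Not taken from a real Cachet deployment.
SAMPLE_ENV = "APP_ENV=production\nMAIL_HOST=smtp.example.org\nMAIL_PORT=587\n"

# Constructed attacker input: a plausible value followed by an injected line.
# APP_DEBUG is only an illustration of the primitive (control of a second key).
ATTACKER_VALUE = "smtp.example.org\nAPP_DEBUG=true"


def parse_env(text):
    """Parse KEY=value lines the way a dotenv loader does: one variable per line."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip()
    return env


def write_env_vulnerable(text, key, value):
    """Rewrite `KEY=...` in place without validating `value` (the pre-fix pattern).

    A newline inside `value` ends the current line early, so everything after it
    is parsed as additional, attacker-chosen configuration keys.
    """
    pattern = re.compile(rf"^{re.escape(key)}=.*$", re.MULTILINE)
    new_line = f"{key}={value}"
    if pattern.search(text):
        # Lambda replacement avoids backslash processing of the attacker value.
        return pattern.sub(lambda _m: new_line, text, count=1)
    return text + new_line + "\n"


def contains_newline(value):
    """True when a value would span more than one line of the config file."""
    return re.search(r"[\r\n]", value) is not None


def write_env_hardened(text, key, value):
    """Same writer, but refuses values that would span more than one line."""
    if contains_newline(value):
        raise ValueError("configuration values must not contain newline characters")
    return write_env_vulnerable(text, key, value)


def injected_keys(text, key, value):
    """Variables present after an unvalidated write that were not in the file before."""
    before = set(parse_env(text))
    after = set(parse_env(write_env_vulnerable(text, key, value)))
    return after - before


def demo():
    """Run both writers against the constructed attacker value and report the outcome."""
    vulnerable = parse_env(write_env_vulnerable(SAMPLE_ENV, "MAIL_HOST", ATTACKER_VALUE))
    try:
        write_env_hardened(SAMPLE_ENV, "MAIL_HOST", ATTACKER_VALUE)
        hardened_rejected = False
    except ValueError:
        hardened_rejected = True
    return {
        "injected_key_present": "APP_DEBUG" in vulnerable,
        "injected_value": vulnerable.get("APP_DEBUG"),
        "hardened_rejected": hardened_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The check belongs in the writer itself (the equivalent of the command handler named above), not only in the web form, so that every code path that persists a setting is covered; rejecting `\r` as well as `\n` matters because dotenv parsers treat CRLF as a line ending too.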

Related Identifiers

CVE-2021-39172
GHSA-9JXW-CFRH-JXQ6

Affected Products

Cachet