CVE-2021-28571

Name of the Vulnerable Software and Affected Versions Adobe After Effects versions 18.1 and earlier

Description The issue is related to the failure to neutralize special elements used in operating system commands, which can lead to command injection. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction, where a victim must open a malicious file.

Recommendations For Adobe After Effects versions 18.1 and earlier, consider restricting the use of development and debugging tools for JavaScript scripts until a patch is available. As a temporary workaround, avoid opening malicious files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.