CVE-2021-34816

Name of the Vulnerable Software and Affected Versions Etherpad version 1.8.13

Description The issue is related to an Argument Injection problem in the plugin management of Etherpad, allowing privileged users to execute arbitrary code on the server. This can be achieved by installing plugins from an attacker-controlled source, potentially enabling remote code execution.

Recommendations For Etherpad version 1.8.13, consider restricting plugin installations to trusted sources until a patch is available. As a temporary workaround, limit the privileges of users who can install plugins to minimize the risk of exploitation.