PT-2022-11753 · Algorithmia · Algorithmia

Ghost

Published

2022-03-01

Updated

2022-03-10

CVE-2021-42951

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Algorithmia MSOL versions prior to October 10, 2021

Description A Remote Code Execution (RCE) issue exists, allowing users to launch remote code execution after authenticating and creating a specially crafted Algorithm. Users can register for an account, receive credits, and then proceed to exploit this issue.

Recommendations For versions prior to October 10, 2021, consider disabling the ability to create new Algorithms until a fix is available, and restrict the launch of remote code execution to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-42951

Affected Products

Algorithmia

PT-2022-11753 · Algorithmia · Algorithmia

CVE-2021-42951

Related Identifiers

Affected Products

References · 6