PT-2022-11754 · Zepl · Zepl Notebooks

Ghost

Published

2022-02-25

Updated

2022-03-08

CVE-2021-42952

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zepl Notebooks versions prior to 2021-10-25

Description The issue allows for a sandbox escape, enabling Remote Code Execution from the Notebook. This can lead to accessing internal Zepl assets, including cloud metadata services.

Recommendations For Zepl Notebooks versions prior to 2021-10-25, update to a version released after 2021-10-25 to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-42952

Affected Products

Zepl Notebooks

PT-2022-11754 · Zepl · Zepl Notebooks

CVE-2021-42952

Related Identifiers

Affected Products

References · 5