PT-2022-3945 · Unknown · Control Web Panel
Published: 2022-01-22 · Updated: 2023-01-24 · CVE-2021-45466
CVSS v2.0: 10 (Critical)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Control Web Panel versions prior to 0.9.8.1107
Description
The issue stems from incorrect handling of code generation in the application and allows a remote attacker to execute arbitrary code via a specially crafted request. Specifically, an attacker can send a crafted request to "api/?api=add_server&DHCP=" to add an authorized_keys text file in the /resources/ folder.
Recommendations
For versions prior to 0.9.8.1107, update to version 0.9.8.1107 or later to resolve the issue.
As a temporary workaround, consider restricting access to the "api/?api=add_server&DHCP=" endpoint until the update can be applied.
Avoid using the DHCP parameter in the affected API endpoint until the issue is resolved.
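As an added example, not part of this advisory, the following Python checker scans web-server access logs for requests that hit the add_server API action with a DHCP parameter present, the request shape named in the description, so that a defender can spot attempts against an unpatched panel. The log lines are constructed samples; the Common Log Format and the /api/ path prefix are assumptions about how the panel's web server logs requests.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Common Log Format); not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [22/Jan/2022:10:01:02 +0000] "GET /api/?api=add_server&DHCP=ssh-rsa%20AAAA HTTP/1.1" 200 17
198.51.100.7 - - [22/Jan/2022:10:01:03 +0000] "GET /login/index.php HTTP/1.1" 200 5120
203.0.113.5 - - [22/Jan/2022:10:01:05 +0000] "POST /api/?api=add_server&DHCP= HTTP/1.1" 200 17
192.0.2.9 - - [22/Jan/2022:10:02:00 +0000] "GET /api/?api=list_servers HTTP/1.1" 200 300
"""

# Assumed log layout: client IP, identd, user, [timestamp], "METHOD target PROTO", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_suspicious_request(target):
    """True when the request targets the api endpoint with api=add_server and any DHCP value.

    The query string is parsed rather than substring-matched so that parameter order,
    URL-encoding and an empty DHCP value (as in the advisory) are all handled.
    """
    parts = urlsplit(target)
    if not parts.path.rstrip('/').endswith('/api'):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    return params.get('api') == ['add_server'] and 'DHCP' in params


def find_suspicious(log_text):
    """Return (ip, timestamp, method, target) for every log line that matches the pattern."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_suspicious_request(m.group('target')):
            hits.append((m.group('ip'), m.group('ts'), m.group('method'), m.group('target')))
    return hits


if __name__ == '__main__':
    for hit in find_suspicious(SAMPLE_LOG):
        print('suspicious add_server request:', *hit)
```

Pair the log check with a review of the panel's /resources/ folder for an authorized_keys file that was not placed there by an administrator, since that file is what the description says the crafted request creates.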
Incorrect Authorization
Code Injection
Related Identifiers
Affected Products
Control Web Panel