CVE-2021-32826 MEDIUM

CVE-2021-32826: Remote code execution in Proxyee-Down

Vendor: Proxyee-Down-Org
Product: proxyee-down
Weakness: CWE-78
Published: August 16, 2021
Last update: August 3, 2024

CVSS base score

6.8/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

What the vulnerability does

01 Description

Proxyee-Down is open source proxy software. An attacker who is able to provide an extension script (e.g., through a MiTM attack or by hosting a malicious extension) may be able to run arbitrary commands on the system running Proxyee-Down. For more details, including a PoC, see the referenced GHSL-2021-053. As of the writing of this CVE, there is no patched version.

Key dates

02 Disclosure timeline

August 16, 2021: CVE published
August 3, 2024: Record updated