How severe is CVE-2021-21386?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2021-21386?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2021-21386 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

APKLeaks is an open-source project for scanning APK file for URIs, endpoints & secrets. APKLeaks prior to v2.0.3 allows remote attackers to execute arbitrary OS commands via package name inside application manifest. An attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or modified or could cause other unintended behavior through malicious package name. The problem is fixed in version v2.0.6-dev and above.

Related Vulnerabilities

CVE-1999-0043

CRITICAL

CVSS:9.8(Critical)

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

CWE-781999

CVE-2005-10003

MEDIUM

CVSS:9.8(Critical)

A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. This affects an unknown part. The manipulation of the argument cmd leads to os command injection. It is possib...

CWE-782005

CVE-2011-2195

CRITICAL

CVSS:9.8(Critical)

A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument ...

CWE-782011

CVE-2011-2523

CRITICAL

CVSS:9.8(Critical)

vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.

CWE-782011

CVE-2012-5878

CRITICAL

CVSS:9.8(Critical)

Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (...

CWE-782012

CVE-2013-1599

CRITICAL

CVSS:9.8(Critical)

A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-110...

CWE-782013