How severe is CVE-2021-21413?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.6 out of 10.

What type of vulnerability is CVE-2021-21413?

This is classified as CWE-913, which is a common weakness in software security.

CVE-2021-21413

CRITICAL Year: 2021

CVSS v3 Score

9.6

Critical

CVSS v2 Score

5.8

Medium

Weakness Type

CWE-913

View all →

Vulnerability Description

isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to the underlying reference's full prototype chain. In an environment where the implementer has exposed a Reference instance to an attacker they would be able to use it to acquire a Reference to the nodejs context's Function object. Similar application-specific attacks could be possible by modifying the local prototype of other API objects. Access to NativeModule objects could allow an attacker to load and run native code from anywhere on the filesystem. If combined with, for example, a file upload API this would allow for arbitrary code execution. This is addressed in v4.0.0 through a series of related changes.

CVE-2014-9852

CRITICAL

CVSS:9.8(Critical)

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.

CWE-9132014

CVE-2017-3202

CRITICAL

CVSS:9.8(Critical)

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and sub...

CWE-9132017

CVE-2020-15568

CRITICAL

CVSS:9.8(Critical)

TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attack...

CWE-9132020

CVE-2021-22387

CRITICAL

CVSS:9.8(Critical)

There is an Improper Control of Dynamically Managing Code Resources Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to remotely execute commands.

CWE-9132021

CVE-2021-32563

CRITICAL

CVSS:9.8(Critical)

An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) witho...

CWE-9132021

CVE-2023-25560

CRITICAL

CVSS:9.8(Critical)

DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple...

CWE-9132023

CVE-2021-21413

Vulnerability Description

Related Vulnerabilities

CVE-2014-9852

CVE-2017-3202

CVE-2020-15568

CVE-2021-22387

CVE-2021-32563

CVE-2023-25560