CVE-2021-23352

Summary

This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.

Affected Software

VendorProductVersion RangeStatus
n/amadgeunspecified < 4.0.1affected

Weaknesses

  • Command Injection

ADP Enrichment

CVE Program Container

Additional References

References