Vulnerabilities > CVE-2021-26276 - Improper Control of Dynamically-Managed Code Resources vulnerability in Godaddy Node-Config-Shield 0.2.2

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

godaddy

CWE-913

NVD

Published: 2021-01-27

Updated: 2024-11-21

Summary

scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data

Vulnerable Configurations

Part	Description	Count
Application	Godaddy Godaddy Node Config Shield 0.2.2	1

Common Weakness Enumeration (CWE)

CWE-913 - Improper Control of Dynamically-Managed Code Resources

References

https://advisory.checkmarx.net/advisory/CX-2021-4773
https://advisory.checkmarx.net/advisory/CX-2021-4773
https://github.com/godaddy/node-config-shield/commit/cdba5d3a7accd661ffbc52e208153464bd0d9da6
https://github.com/godaddy/node-config-shield/commit/cdba5d3a7accd661ffbc52e208153464bd0d9da6