Arbitrary Command Execution Vulnerability in Proxyee-Down

CVE-2021-32826 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Proxyee-Down is open-source proxy software. An attacker who is able to provide an extension script (e.g., through a MiTM attack or by hosting a malicious extension) may be able to run arbitrary commands on the system running Proxyee-Down. For more details, including a PoC, see the referenced GHSL-2021-053. As of the writing of this CVE, there is no patched version.
