PYSEC-2021-353

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/openvpn-monitor/PYSEC-2021-353.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2021-353

Aliases

CVE-2021-31605
GHSA-4258-vcjw-wwxx

Published

2021-09-27T06:15:00Z

Modified

2024-02-23T21:12:07.138299Z

Summary

[none]

Details

furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM.

References

http://packetstormsecurity.com/files/164278/OpenVPN-Monitor-1.1.3-Command-Injection.html
https://github.com/furlongm/openvpn-monitor/releases

Affected packages

PyPI / openvpn-monitor

Package

Name: openvpn-monitor; View open source insights on deps.dev
Purl: pkg:pypi/openvpn-monitor

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.0

1.1.2

1.1.3