CVE-2021-45845

The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.
References
Link Resource
https://github.com/FreeCAD/FreeCAD/pull/5306 Patch Vendor Advisory
https://tracker.freecad.org/view.php?id=4810 Exploit Issue Tracking Patch Vendor Advisory
https://www.debian.org/security/2022/dsa-5229 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:freecadweb:freecad:0.19:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

27 Oct 2022, 19:28

Type Values Removed Values Added
First Time Debian debian Linux
Debian
CPE cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
References (MISC) https://github.com/FreeCAD/FreeCAD/pull/5306 - Vendor Advisory (MISC) https://github.com/FreeCAD/FreeCAD/pull/5306 - Patch, Vendor Advisory
References (DEBIAN) https://www.debian.org/security/2022/dsa-5229 - (DEBIAN) https://www.debian.org/security/2022/dsa-5229 - Third Party Advisory

14 Sep 2022, 16:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5229 -

01 Feb 2022, 17:06

Type Values Removed Values Added
First Time Freecadweb
Freecadweb freecad
CWE CWE-78
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 7.8
References (MISC) https://github.com/FreeCAD/FreeCAD/pull/5306 - (MISC) https://github.com/FreeCAD/FreeCAD/pull/5306 - Vendor Advisory
References (MISC) https://tracker.freecad.org/view.php?id=4810 - (MISC) https://tracker.freecad.org/view.php?id=4810 - Exploit, Issue Tracking, Patch, Vendor Advisory
CPE cpe:2.3:a:freecadweb:freecad:0.19:*:*:*:*:*:*:*

28 Jan 2022, 14:15

Type Values Removed Values Added
References
  • (MISC) https://github.com/FreeCAD/FreeCAD/pull/5306 -

25 Jan 2022, 13:28

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-25 13:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-45845

Mitre link : CVE-2021-45845

CVE.ORG link : CVE-2021-45845


JSON object : View

Products Affected

debian

  • debian_linux

freecadweb

  • freecad
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')