CVE-2021-41280 – Sharetribe Go is a source available marketplace software. In affected versions operating s …

19 November 2021

Vuln ID: CVE-2021-41280

Published: 2021-11-19 20:15:18Z

Description: Sharetribe Go is a source available marketplace software. In affected versions operating system command injection is possible on installations of Sharetribe Go, that do not have a secret AWS Simple Notification Service (SNS) notification token configured via the `sns_notification_token` configuration parameter. This configuration parameter is unset by default. The vulnerability has been patched in version 10.2.1. Users who are unable to upgrade should set the`sns_notification_token` configuration parameter to a secret value.

Source: NVD.NIST.GOV

Date:

19 November 2021

Categories:

NVD

Tags:

NVD

44% of CISOs See No New Investments to Stop Data Breaches10 December 2023
Fake hotel reservation phishing scam uses PDF links to spread MrAnon Stealer10 December 2023
Week in review: Booking.com hotel booking scam, Kali Linux 2023.4 released10 December 2023
Developments in AI, Networks, and Security Will Shape IT Decisions in 202410 December 2023
DDoS Attacks on Rappler Linked to Proxy Service Providers in US and Russia9 December 2023