furlongm openvpn-monitor command injection

GHSA-4258-vcjw-wwxx · CVE-2021-31605 · PYSEC-2021-353

Published May 24, 2022 · Modified Oct 8, 2024

Description

furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal SIGTERM.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-31605
PACKAGE https://github.com/furlongm/openvpn-monitor
WEB https://github.com/furlongm/openvpn-monitor/releases
WEB https://github.com/pypa/advisory-database/tree/main/vulns/openvpn-monitor/PYSEC-2021-353.yaml
WEB http://packetstormsecurity.com/files/164278/OpenVPN-Monitor-1.1.3-Command-Injection.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes