{"schema_version":"1.7.2","id":"OESA-2024-1159","modified":"2024-02-08T11:06:57Z","published":"2024-02-08T11:06:57Z","upstream":["CVE-2021-33633"],"summary":"aops-ceres security update","details":"An agent which needs to be adopted in client, it managers some plugins, such as gala-gopher(kpi collection), fluentd(log collection) and so on.\r\n\r\nSecurity Fix(es):\r\nIn versions 1.3.0-1.4.1 of the ceres software package, the execute_shell_command function does not properly verify or filter the command or subcommand parameters entered by users. This allows an attacker to exploit the vulnerability by injecting malicious code and execute arbitrary commands locally. Attackers can exploit this vulnerability to perform unauthorized operations, which may cause severe security threats and losses to the system.(CVE-2021-33633)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"aops-ceres","purl":"pkg:rpm/openEuler/aops-ceres\u0026distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"v1.3.4-14.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["da-tool-v1.3.4-14.oe2003sp4.aarch64.rpm","dnf-hotpatch-plugin-v1.3.4-14.oe2003sp4.aarch64.rpm","aops-ceres-v1.3.4-14.oe2003sp4.aarch64.rpm"],"src":["aops-ceres-v1.3.4-14.oe2003sp4.src.rpm"],"x86_64":["da-tool-v1.3.4-14.oe2003sp4.x86_64.rpm","dnf-hotpatch-plugin-v1.3.4-14.oe2003sp4.x86_64.rpm","aops-ceres-v1.3.4-14.oe2003sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP3","name":"aops-ceres","purl":"pkg:rpm/openEuler/aops-ceres\u0026distro=openEuler-22.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"v1.4.1-6.oe2203sp3"}]}],"ecosystem_specific":{"aarch64":["aops-ceres-v1.4.1-6.oe2203sp3.aarch64.rpm","da-tool-v1.4.1-6.oe2203sp3.aarch64.rpm","dnf-hotpatch-plugin-v1.4.1-6.oe2203sp3.aarch64.rpm"],"src":["aops-ceres-v1.4.1-6.oe2203sp3.src.rpm"],"x86_64":["aops-ceres-v1.4.1-6.oe2203sp3.x86_64.rpm","da-tool-v1.4.1-6.oe2203sp3.x86_64.rpm","dnf-hotpatch-plugin-v1.4.1-6.oe2203sp3.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1159"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33633"}],"database_specific":{"severity":"High"}}