CVE-2021-44079

CVE-2021-44079

EPSS 3.3%

In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/wazuh/wazuh/issues/10858 https://github.com/wazuh/wazuh/issues/10858#issuecomment-991118254 https://github.com/wazuh/wazuh/pull/10809