{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T22:19:43.756","vulnerabilities":[{"cve":{"id":"CVE-2021-32830","sourceIdentifier":"security-advisories@github.com","published":"2021-08-17T18:15:07.130","lastModified":"2024-11-21T06:07:50.350","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The @diez/generation npm package is a client for Diez. The locateFont method of @diez/generation has a command injection vulnerability. Clients of the @diez/generation library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. All versions of this package are vulnerable as of the writing of this CVE."},{"lang":"es","value":"El paquete npm @diez/generation es un cliente para Diez. El método locateFont de @diez/generation presenta una vulnerabilidad de inyección de comandos. Es poco probable que los clientes de la biblioteca @diez/generation sean conscientes de ello, por lo que podrían escribir involuntariamente código que contenga una vulnerabilidad. Este problema puede conllevar a una ejecución de código remota si un cliente de la biblioteca llama al método vulnerable con una entrada no confiable. Todas las versiones de este paquete son vulnerables en el momento de escribir esta CVE."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":3.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haikuforteams:diez:-:*:*:*:*:node.js:*:*","matchCriteriaId":"767D2960-8B3D-47B2-B7D7-2FA01DDE1387"}]}]}],"references":[{"url":"https://github.com/diez/diez","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://securitylab.github.com/advisories/GHSL-2021-061-diez-generation-cmd-injection/","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.npmjs.com/package/%40diez/generation","source":"security-advisories@github.com"},{"url":"https://github.com/diez/diez","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://securitylab.github.com/advisories/GHSL-2021-061-diez-generation-cmd-injection/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.npmjs.com/package/%40diez/generation","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}