COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2021-42952

CVE-2021-42952

Severity
critical
Source
NVD · cve
Published
2022-02-25
CVSS
9.9
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-42952
⚡ RCE shame 50/100 rce

Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata

Players implicated

zepl · vendorzepl · product

Description

Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.