{"vulnerability": "CVE-2021-4435", "sightings": [{"uuid": "f524cb36-af6b-446b-b000-989b643d180a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44352", "type": "seen", "source": "https://bsky.app/profile/gothburz.bsky.social/post/3lexf6hk3gu2s", "content": "", "creation_timestamp": "2025-01-05T00:42:21.521968Z"}, {"uuid": "7c052ce6-8141-4a6e-a840-e495f5072722", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4435", "type": "seen", "source": "https://t.me/ctinow/192551", "content": "https://ift.tt/jn74Urp\nCVE-2021-4435 | yarn prior 1.22.13 untrusted search path", "creation_timestamp": "2024-02-24T12:11:54.000000Z"}, {"uuid": "dd724e53-8378-4428-8899-3f31d896199f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4435", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18597", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-4435\n\ud83d\udd25 CVSS Score: 7.7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways.\n\ud83d\udccf Published: 2024-02-04T19:16:35.651Z\n\ud83d\udccf Modified: 2025-06-17T14:29:17.224Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2021-4435\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2262284\n3. https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1\n4. https://github.com/yarnpkg/yarn/releases/tag/v1.22.13", "creation_timestamp": "2025-06-17T14:40:05.000000Z"}, {"uuid": "f3a000df-8e9a-422f-b0bf-ea22265b82d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44351", "type": "seen", "source": "https://t.me/cibsecurity/35033", "content": "\u203c CVE-2021-44351 \u203c\n\nAn arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-06T14:40:56.000000Z"}, {"uuid": "ae11ce13-551e-4e84-9caf-72b72fe32d5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4435", "type": "seen", "source": "https://t.me/ctinow/178932", "content": "https://ift.tt/2m7lfgH\nCVE-2021-4435", "creation_timestamp": "2024-02-04T21:21:25.000000Z"}, {"uuid": "e69ececd-1234-4a4d-86c1-8ab09f924ea9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44354", "type": "seen", "source": "https://t.me/cibsecurity/40816", "content": "\u203c CVE-2021-44354 \u203c\n\nMultiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-15T00:19:27.000000Z"}, {"uuid": "ab1bdad3-fec4-47cc-ad0e-2e0c1120420e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44355", "type": "seen", "source": "https://t.me/cibsecurity/40828", "content": "\u203c CVE-2021-44355 \u203c\n\nMultiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-15T00:23:41.000000Z"}, {"uuid": "d50fdf93-d352-4ccc-8488-93144154d3e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44356", "type": "seen", "source": "https://t.me/cibsecurity/40830", "content": "\u203c CVE-2021-44356 \u203c\n\nMultiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-15T00:23:43.000000Z"}, {"uuid": "41e827b0-6a0e-4966-ba54-9795b0e11137", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44358", "type": "seen", "source": "https://t.me/cibsecurity/36543", "content": "\u203c CVE-2021-44358 \u203c\n\nA denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetRec param is not object. An attacker can send an HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-29T00:28:06.000000Z"}, {"uuid": "9f846ebb-65db-4b9e-bb07-4deee44811de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44352", "type": "seen", "source": "https://t.me/cibsecurity/33335", "content": "\u203c CVE-2021-44352 \u203c\n\nA Stack-based Buffer Overflow vlnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-03T22:38:07.000000Z"}]}