A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment.

Related CVEs

CVE-2021-37195

Key Information

GHSA ID

GHSA-2w4f-8m3p-jrxr

Published

February 10, 2022 12:01 AM

Last Modified

April 13, 2022 12:01 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 13, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.