cvedb.io
CVE-2021-42950
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2022-03-03T03:15:07.023 · Last modified 2026-06-17T04:10:17.263

Summary

Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October 25 2021. Users can register for an account and are allocated a set number of credits to try the product. Once users authenticate, they can proceed to create a new organization by which additional users can be added for various collaboration abilities, which allows malicious user to create new Zepl Notebooks with various languages, contexts, and deployment scenarios. Upon creating a new notebook with specially crafted malicious code, a user can then launch remote code execution.

Affected products

zepl — zepl

Does this affect you?

Add your gear to cvedb and we'll alert you only when zepl ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.