Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-pbc8-5ghu-97b7
Vulnerability ID VCID-pbc8-5ghu-97b7
Aliases CVE-2021-42343
GHSA-hwqr-f3v9-hwxr
GHSA-j8fq-86c5-5v2r
PYSEC-2021-387
PYSEC-2021-871
PYSEC-2021-872
Summary arbitrary code execution
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-668 Exposure of Resource to Wrong Sphere
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.0468 https://api.first.org/data/v1/epss?cve=CVE-2021-42343
cvssv3.1 9.8 https://docs.dask.org/en/latest/changelog.html
cvssv4 9.3 https://docs.dask.org/en/latest/changelog.html
generic_textual CRITICAL https://docs.dask.org/en/latest/changelog.html
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-hwqr-f3v9-hwxr
cvssv3.1 9.8 https://github.com/advisories/GHSA-j8fq-86c5-5v2r
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-j8fq-86c5-5v2r
cvssv4 9.3 https://github.com/advisories/GHSA-j8fq-86c5-5v2r
generic_textual CRITICAL https://github.com/advisories/GHSA-j8fq-86c5-5v2r
cvssv3.1 9.8 https://github.com/dask/dask/tags
cvssv4 9.3 https://github.com/dask/dask/tags
generic_textual CRITICAL https://github.com/dask/dask/tags
cvssv3.1 9.8 https://github.com/dask/distributed
cvssv4 9.3 https://github.com/dask/distributed
generic_textual CRITICAL https://github.com/dask/distributed
cvssv3.1 9.8 https://github.com/dask/distributed/commit/afce4be8e05fb180e50a9d9e38465f1a82295e1b
cvssv4 9.3 https://github.com/dask/distributed/commit/afce4be8e05fb180e50a9d9e38465f1a82295e1b
generic_textual CRITICAL https://github.com/dask/distributed/commit/afce4be8e05fb180e50a9d9e38465f1a82295e1b
cvssv3.1 9.8 https://github.com/dask/distributed/pull/5427
cvssv4 9.3 https://github.com/dask/distributed/pull/5427
generic_textual CRITICAL https://github.com/dask/distributed/pull/5427
cvssv3.1 9.8 https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr
cvssv3.1_qr CRITICAL https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr
cvssv4 9.3 https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr
generic_textual CRITICAL https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr
cvssv3.1 9.8 https://github.com/pypa/advisory-database/tree/main/vulns/dask/PYSEC-2021-387.yaml
cvssv4 9.3 https://github.com/pypa/advisory-database/tree/main/vulns/dask/PYSEC-2021-387.yaml
generic_textual CRITICAL https://github.com/pypa/advisory-database/tree/main/vulns/dask/PYSEC-2021-387.yaml
cvssv3.1 9.8 https://github.com/pypa/advisory-database/tree/main/vulns/distributed/PYSEC-2021-871.yaml
cvssv4 9.3 https://github.com/pypa/advisory-database/tree/main/vulns/distributed/PYSEC-2021-871.yaml
generic_textual CRITICAL https://github.com/pypa/advisory-database/tree/main/vulns/distributed/PYSEC-2021-871.yaml
cvssv3.1 9.8 https://github.com/pypa/advisory-database/tree/main/vulns/distributed/PYSEC-2021-872.yaml
cvssv4 9.3 https://github.com/pypa/advisory-database/tree/main/vulns/distributed/PYSEC-2021-872.yaml
generic_textual CRITICAL https://github.com/pypa/advisory-database/tree/main/vulns/distributed/PYSEC-2021-872.yaml
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42343
cvssv4 9.3 https://nvd.nist.gov/vuln/detail/CVE-2021-42343
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2021-42343
archlinux Medium https://security.archlinux.org/AVG-2496
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-42343
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42343
https://docs.dask.org/en/latest/changelog.html
https://github.com/advisories/GHSA-j8fq-86c5-5v2r
https://github.com/dask/dask/tags
https://github.com/dask/distributed
https://github.com/dask/distributed/commit/afce4be8e05fb180e50a9d9e38465f1a82295e1b
https://github.com/dask/distributed/pull/5427
https://github.com/pypa/advisory-database/tree/main/vulns/dask/PYSEC-2021-387.yaml
https://github.com/pypa/advisory-database/tree/main/vulns/distributed/PYSEC-2021-871.yaml
https://github.com/pypa/advisory-database/tree/main/vulns/distributed/PYSEC-2021-872.yaml
AVG-2496 https://security.archlinux.org/AVG-2496
CVE-2021-42343 https://nvd.nist.gov/vuln/detail/CVE-2021-42343
GHSA-hwqr-f3v9-hwxr https://github.com/advisories/GHSA-hwqr-f3v9-hwxr
GHSA-hwqr-f3v9-hwxr https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://docs.dask.org/en/latest/changelog.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://docs.dask.org/en/latest/changelog.html
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/advisories/GHSA-j8fq-86c5-5v2r
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/advisories/GHSA-j8fq-86c5-5v2r
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/dask/dask/tags
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/dask/dask/tags
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/dask/distributed
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/dask/distributed
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/dask/distributed/commit/afce4be8e05fb180e50a9d9e38465f1a82295e1b
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/dask/distributed/commit/afce4be8e05fb180e50a9d9e38465f1a82295e1b
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/dask/distributed/pull/5427
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/dask/distributed/pull/5427
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/dask/PYSEC-2021-387.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/dask/PYSEC-2021-387.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/distributed/PYSEC-2021-871.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/distributed/PYSEC-2021-871.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/distributed/PYSEC-2021-872.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/distributed/PYSEC-2021-872.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-42343
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-42343
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.89574
EPSS Score 0.0468
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T19:57:46.123987+00:00 Arch Linux Importer Import https://security.archlinux.org/AVG-2496 38.6.0