6 matches found
CVE-2023-40582
creationtimestamp| type| source ---|---|--- 2023-08-30 22:12:21+00:00| seen| https://t.me/cibsecurity/69483...
@gov.au/pancake (>=0.0.6 <=0.0.10), agile-alarm (>=0.0.1 <=0.0.2) +32 more potentially affected by CVE-2023-40582 via find-exec (>=0.0.3 <=1.0.2)
find-exec NPM version =0.0.3, =0.0.6, =0.0.1, =1.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0, =0.1.0, =0.1.0, =1.4.0, =1.4.9 and more Source cves: CVE-2023-40582 Source advisory: OSV:GHSA-95RP-6GQP-6622...
CVE-2023-40582
The CVE pertains to the find-exec utility, where earlier versions (prior to 1.0.3) fail to properly escape user input, enabling Command Injection via attacker-controlled parameters. This could allow an attacker to run arbitrary shell commands with the privileges of the running process. The issue ...
CVE-2023-40582 Command Injection Vulnerability in find-exec
find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This...
CVE-2023-40582 Command Injection Vulnerability in find-exec
find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This...
CVE-2023-40582 Command Injection Vulnerability in find-exec
find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This...