2 matches found
CVE-2026-30314
Ridvay Code’s command auto-approval module contains a critical OS command injection vulnerability. The whitelist relies on fragile regular expressions that fail to account for Shell command substitution ($(…) and backticks), enabling an attacker to craft commands like git log --grep="$(malicious_...
CVE-2026-30314
Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...