
10 matches found

RedHat Linux
added 2026/06/09 11:18 a.m. | 6 views

github.com/pallets/click: Pallets Click: Arbitrary command execution via command injection in click.edit()

A flaw was found in Pallets Click. This command injection vulnerability, located in the click.edit function, allows an attacker with an unprivileged account to execute arbitrary operating system (OS) commands. This could lead to unauthorized control over the affected system...

CVSS 7.2 | AI score 5.8 | EPSS 0.00665
Exploits: 1 | References: 6

Microsoft CVE
added 2026/05/17 8:1 a.m. | 11 views

Pallets Click contains a command injection via Unsanitized Filename "click.edit()"

...

CVSS 7.2 | AI score 5.8 | EPSS 0.00665
Exploits: 1

OSV
added 2026/05/15 2:0 p.m. | 6 views

OESA-2026-2305 python-click security update

Click is a Python package for creating beautiful command line interfaces in a composable way with as little code as necessary. It's the "Command Line Interface Creation Kit". It's highly configurable but comes with sensible defaults out of the box. Security Fixes: Pallets Click, versions 8.3.2 an...

CVSS 7.2 | AI score 6.1 | EPSS 0.00665
Exploits: 1 | References: 2

OSV
added 2026/05/15 2:0 p.m. | 3 views

OESA-2026-2304 python-click security update

Click is a Python package for creating beautiful command line interfaces in a composable way with as little code as necessary. It's the "Command Line Interface Creation Kit". It's highly configurable but comes with sensible defaults out of the box. Security Fixes: Pallets Click, versions 8.3.2 an...

CVSS 7.2 | AI score 6.1 | EPSS 0.00665
Exploits: 1 | References: 2

OSV
added 2026/05/15 2:0 p.m. | 6 views

OESA-2026-2303 python-click security update

Click is a Python package for creating beautiful command line interfaces in a composable way with as little code as necessary. It's the "Command Line Interface Creation Kit". It's highly configurable but comes with sensible defaults out of the box. Security Fixes: Pallets Click, versions 8.3.2 an...

CVSS 7.2 | AI score 6.1 | EPSS 0.00665
Exploits: 1 | References: 2

Veracode
added 2026/05/08 8:10 a.m. | 10 views

Command Injection

Click is vulnerable to Command Injection. The vulnerability is due to improper handling of user-controlled input in the click.edit function, allowing attackers to inject and execute arbitrary operating system commands from an unprivileged account...

CVSS 7.2 | AI score 6 | EPSS 0.00665
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2026/04/30 2:16 p.m. | 5 views

DEBIAN-CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CVSS 7.2 | AI score 5.9 | EPSS 0.00665
Exploits: 1 | References: 1

Cvelist
added 2026/04/30 1:16 p.m. | 26 views

CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

EPSS 0.00665
Exploits: 1 | References: 2

Debian CVE
added 2026/04/30 1:16 p.m. | 7 views

CVE-2026-7246

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitrary OS commands from an unprivileged account...

CVSS 7.2 | AI score 5.9 | EPSS 0.00665
Exploits: 1

CNNVD
added 2026/04/30 12:0 a.m. | 9 views

Click command injection vulnerability

Click is a Python toolkit developed by Pallets for creating command-line interfaces. Versions of Click 8.3.2 and earlier have a command injection vulnerability. This vulnerability stems from the click.edit function, which allows for command injection, potentially enabling attackers to execute...

CVSS 7.2 | AI score 6.1 | EPSS 0.00665
Exploits: 1 | References: 1