Lucene search
K

37 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:36 a.m.5 views

CVE-2019-5483

Seneca 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users...

5.3CVSS6.6AI score0.01181EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:14 a.m.8 views

CVE-2019-10362

Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables...

5.5CVSS6.7AI score0.00737EPSS
Exploits0References1
Veracode
Veracode
added 2025/04/07 6:12 a.m.9 views

Environment Variable Exposure

Shescape is vulnerable to Environment Variable Exposure. The vulnerability is due to improper escaping of % characters in user input when using shell: 'cmd.exe' or shell: true, which allows an attacker to read environment variables through unintended variable substitution...

5.9CVSS6.9AI score0.0018EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/26 2:54 p.m.11 views

Shescape has potential environment variable exposure on Windows with CMD

Impact This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of quote/quoteAll/escape/escapeAll. An attacker may be able to get read-only access to environment variables. Example: javascript import as cp from "node:childprocess"; import...

5.9CVSS7AI score0.0018EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/03/26 2:54 p.m.7 views

GHSA-66PP-5P9W-Q87J Shescape has potential environment variable exposure on Windows with CMD

Impact This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of quote/quoteAll/escape/escapeAll. An attacker may be able to get read-only access to environment variables. Example: javascript import as cp from "node:childprocess"; import...

5.9CVSS6.3AI score0.0018EPSS
Exploits0References6
NVD
NVD
added 2025/03/25 11:15 p.m.17 views

CVE-2025-30222

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

5.9CVSS0.0018EPSS
Exploits0References4
OSV
OSV
added 2025/03/25 11:0 p.m.17 views

CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

5.9CVSS6.7AI score0.0018EPSS
Exploits0References6
CVE
CVE
added 2025/03/25 11:0 p.m.75 views

CVE-2025-30222

Shescape vulnerability (CVE-2025-30222) affects versions 1.7.2–2.1.1 of the JavaScript shell-escape library. On Windows, when shell: 'cmd.exe' or shell: true is configured and any of quote/quoteAll/escape/escapeAll is used, an attacker may gain read-only access to environment variables due to env...

5.9CVSS7AI score0.0018EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/03/25 11:0 p.m.12 views

CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

5.9CVSS0.0018EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/09/10 12:0 a.m.4 views

PT-2024-30549

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions. Description A low privileged remote attacker can perform configuration changes of the ospf service through OSPF INTERFACE.SIMPLE KEY and OSPF INTERFACE.DIGEST KEY...

8.1CVSS5.9AI score0.00519EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.6 views

PT-2023-30742 · Laf · Laf

Name of the Vulnerable Software and Affected Versions: Laf versions prior to 1.0.0-beta.13 Description: Laf is a cloud development platform where the control of LAF app environment variables is not strict enough, potentially leading to sensitive information leakage in secret and configmap. This...

9.1CVSS8.8AI score0.00796EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2023/06/23 7:32 p.m.10 views

CVE-2023-35931 Shescape potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1...

3.1CVSS3.8AI score0.00811EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/06/19 10:7 a.m.7 views

CVE-2023-29545

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are...

5.2AI score0.00584EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/03/24 7:58 p.m.5 views

CVE-2023-28444 angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend

angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript .ts files during build time of an Angular CLI project. The...

9.9CVSS7AI score0.00759EPSS
Exploits0References3
Gentoo Linux
Gentoo Linux
added 2004/08/25 12:0 a.m.65 views

Linux Kernel: Multiple information leaks

Background The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system. Description The Linux kernel allo...

4.6CVSS6.2AI score0.00766EPSS
Exploits5
securityvulns
securityvulns
added 2001/04/09 12:0 a.m.35 views

Possible IE5.0 exposure of local environment variables

I ran across this today, anyone have any thoughts? I'm using a moderately patched IE 5.0 browser on NT 4.0 SP5 workstation. Couldn't find any reference to this in the archives, but maybe it's been covered before. I type in the url www.home.com/computername & press enter, then and IE actually...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2000/05/11 12:0 a.m.29 views

Black Watch Labs Vulnerability Alert

Dear Security Professional, The following vulnerability: "Environment and setup variables can be viewed through FormMail script" is in the text of the message below and has just been posted to the Black Watch Labs Web site at http://www.perfectotech.com/blackwatchlabs/ Thank you, Black Watch Labs...

6.8AI score
Exploits0
Rows per page
Query Builder