37 matches found
CVE-2019-5483
Seneca 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users...
CVE-2019-10362
Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables...
Environment Variable Exposure
Shescape is vulnerable to Environment Variable Exposure. The vulnerability is due to improper escaping of % characters in user input when using shell: 'cmd.exe' or shell: true, which allows an attacker to read environment variables through unintended variable substitution...
Shescape has potential environment variable exposure on Windows with CMD
Impact This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of quote/quoteAll/escape/escapeAll. An attacker may be able to get read-only access to environment variables. Example: javascript import as cp from "node:childprocess"; import...
GHSA-66PP-5P9W-Q87J Shescape has potential environment variable exposure on Windows with CMD
Impact This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of quote/quoteAll/escape/escapeAll. An attacker may be able to get read-only access to environment variables. Example: javascript import as cp from "node:childprocess"; import...
CVE-2025-30222
Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...
CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD
Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...
CVE-2025-30222
Shescape vulnerability (CVE-2025-30222) affects versions 1.7.2–2.1.1 of the JavaScript shell-escape library. On Windows, when shell: 'cmd.exe' or shell: true is configured and any of quote/quoteAll/escape/escapeAll is used, an attacker may gain read-only access to environment variables due to env...
CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD
Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...
PT-2024-30549
Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions. Description A low privileged remote attacker can perform configuration changes of the ospf service through OSPF INTERFACE.SIMPLE KEY and OSPF INTERFACE.DIGEST KEY...
PT-2023-30742 · Laf · Laf
Name of the Vulnerable Software and Affected Versions: Laf versions prior to 1.0.0-beta.13 Description: Laf is a cloud development platform where the control of LAF app environment variables is not strict enough, potentially leading to sensitive information leakage in secret and configmap. This...
CVE-2023-35931 Shescape potential environment variable exposure on Windows with CMD
Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1...
CVE-2023-29545
Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are...
CVE-2023-28444 angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript .ts files during build time of an Angular CLI project. The...
Linux Kernel: Multiple information leaks
Background The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system. Description The Linux kernel allo...
Possible IE5.0 exposure of local environment variables
I ran across this today, anyone have any thoughts? I'm using a moderately patched IE 5.0 browser on NT 4.0 SP5 workstation. Couldn't find any reference to this in the archives, but maybe it's been covered before. I type in the url www.home.com/computername & press enter, then and IE actually...
Black Watch Labs Vulnerability Alert
Dear Security Professional, The following vulnerability: "Environment and setup variables can be viewed through FormMail script" is in the text of the message below and has just been posted to the Black Watch Labs Web site at http://www.perfectotech.com/blackwatchlabs/ Thank you, Black Watch Labs...