Lucene search
+L

4 matches found

EUVD
EUVD
added 2026/01/13 8:29 p.m.6 views

EUVD-2026-2094

Renovate vulnerable to arbitrary command injection via gleam manager and malicious gleam.toml file...

7.2AI score
Exploits0References2
Snyk
Snyk
added 2026/01/13 8:29 p.m.5 views

Arbitrary Command Injection

Overview renovate is a dependency updater. Affected versions of this package are vulnerable to Arbitrary Command Injection due to the improper sanitazation of user-supplied depName in the packagesToUpdate functions of gleam manager. An attacker can execute arbitrary commands on the host system by...

8.4CVSS7.7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/13 8:29 p.m.9 views

Renovate vulnerable to arbitrary command injection via gleam manager and malicious gleam.toml file

Summary The user-provided string depName in the gleam manager is appended to the gleam deps update command without proper sanitization. Details Adversaries can provide a maliciously crafted gleam.toml in conjunctions with a tweaked Renovate configuration file to trick Renovate to execute arbitrar...

8.2AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/01/13 8:29 p.m.3 views

GHSA-XJR7-3C3G-M763 Renovate vulnerable to arbitrary command injection via gleam manager and malicious gleam.toml file

Summary The user-provided string depName in the gleam manager is appended to the gleam deps update command without proper sanitization. Details Adversaries can provide a maliciously crafted gleam.toml in conjunctions with a tweaked Renovate configuration file to trick Renovate to execute arbitrar...

6.7CVSS8.1AI score
Exploits0References2
Rows per page
Query Builder