8 matches found
CVE-2026-7191
Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...
CVE-2026-7191 Arbitrary Code Execution via Sandbox Bypass in the open source solution QnABot on AWS
Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...
CVE-2026-7191
Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...
CVE-2026-7191
The CVE-2026-7191 entry concerns the open source solution qnabot-on-aws (versions ≤ 7.2.4). A misuse of the static-eval npm package allows an authenticated administrator to bypass the expression sandbox via a crafted conditional chaining expression in the Content Designer interface, enabling Java...
EUVD-2026-25921
Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...
CVE-2026-7191 Arbitrary Code Execution via Sandbox Bypass in the open source solution QnABot on AWS
Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Conten...
PT-2026-35526
Name of the Vulnerable Software and Affected Versions qnabot-on-aws versions prior to 7.3.0 Description Improper use of the static-eval npm package allows an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context. This is achieved by injecting a...
aws-solutions QnABot on AWS 代码注入漏洞
aws-solutions QnABot on AWS is a multilingual chatbot developed by the aws-solutions company. Versions of aws-solutions QnABot on AWS prior to version 7.2.4 contained a code injection vulnerability. This vulnerability stemmed from improper use of static evaluated npm packages. It could allow...