906 matches found
GHSA-VX24-X4MV-VWR5 Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands
Description: Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easy to accidentally cause shell injection when using custom commands with starship in bash. Version 1.20.0 fixes the...
CVE-2024-41815
Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easy to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with...
CVE-2024-41815
Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easy to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with...
CVE-2024-41815
Starship (shell prompt) is affected by CVE-2024-41815: before 1.20.0, undocumented shell expansion/quoting in custom commands can lead to shell injection in Bash. Impact is limited to users with custom commands, but local exploitation is possible. Version 1.20.0 contains the fix; upgrade to mitig...
CVE-2024-41815 Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands
Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easy to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with...
CVE-2024-41815 Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands
Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easy to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with...
CVE-2024-41815 Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands
Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easy to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with...
CVE-2024-41815
Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easy to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with...
RUSTSEC-2024-0446 Shell expansion in custom commands
Summary: Undocumented and unpredictable shell expansion and/or quoting rules make it easy to accidentally cause shell injection when using custom commands with starship in bash. Details: I wanted to show the git commit name in my prompt. I use bash, so I added a command: custom.gitcommitname comma...
Shell expansion in custom commands
Summary: Undocumented and unpredictable shell expansion and/or quoting rules make it easy to accidentally cause shell injection when using custom commands with starship in bash. Details: I wanted to show the git commit name in my prompt. I use bash, so I added a command: custom.gitcommitname comma...
Starship security vulnerability
Starship is an open source prompt program for any shell by Starship Command. A security vulnerability exists in Starship version 1.0.0 through versions prior to 1.20.0. An attacker exploited the vulnerability to cause shell injection...
PT-2024-29581 · Starship · Starship
Name of the Vulnerable Software and Affected Versions: Starship versions 1.0.0 through 1.19.x Description: Starship is a cross-shell prompt that has undocumented and unpredictable shell expansion and/or quoting rules, making it easy to accidentally cause shell injection when using custom commands...
CVE-2024-3121
Parisneo/lollms version 5.9.0 is affected by CVE-2024-3121. The issue resides in create_conda_env, where unsafely using subprocess.Popen with shell=True injects commands via env_name and python_version, enabling Remote Code Execution. The vulnerability is demonstrated by potential execution of co...
RHEL 7 : python-pygments (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-pygments: Shell injection in FontManager._get_nix_font_path (CVE-2015-8557) Note that Nessus has not tested for th...
GLSA-202405-13 : borgmatic: Shell Injection
The remote host is affected by the vulnerability described in GLSA-202405-13 (borgmatic: Shell Injection). Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. The descriptive text...
borgmatic: Shell Injection
Background: borgmatic is simple, configuration-driven backup software for servers and workstations. Description: Prevent shell injection attacks within the PostgreSQL hook, the MongoDB hook, the SQLite hook, the "borgmatic borg" action, and command hook variable/constant interpolation. Impact: Shell...
Ubuntu: Security Advisory (USN-6730-1)
The remote host is missing an update for the...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Maven Shared Utils vulnerability (USN-6730-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6730-1 advisory. It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell...
USN-6730-1 maven-shared-utils vulnerability
It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell injection attacks. This could allow an attacker to run arbitrary code...
USN-6730-1: Apache Maven Shared Utils vulnerability
It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell injection attacks. This could allow an attacker to run arbitrary code...