906 matches found
SaltStack Salt is vulnerable to shell injection via ProxyCommand argument
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request...
GHSA-8RP6-X3R7-5QW3 SaltStack Salt is vulnerable to shell injection via ProxyCommand argument
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request...
SaltStack Salt Command Injection in netapi ssh client
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection...
GHSA-RHGR-952R-6P8Q Command injection in Apache Maven maven-shared-utils
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks...
CVE-2022-29599
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks...
DEBIAN-CVE-2022-29599
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks...
Design/Logic Flaw
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks...
UBUNTU-CVE-2022-29599
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks...
CVE-2022-29599
CVE-2022-29599 affects the Maven project’s shared utilities: maven-shared-utils, prior to version 3.3.3. The issue lies in the Commandline class, which can emit double-quoted strings without proper escaping, enabling shell injection attacks. The vulnerability is reported with high severities (CVS...
CVE-2022-29599 Commandline class shell injection vulnerabilities
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks...
Mercurial is vulnerable to shell injection attack
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks...
GHSA-3QMG-C9VC-R47J Mercurial is vulnerable to shell injection attack
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks...
Akeneo PIM vulnerable to shell injection in the mass edition
Akeneo PIM CE and EE 1.6.6, 1.5.15, 1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution...
GHSA-Q8CR-XPHM-7GFV Akeneo PIM vulnerable to shell injection in the mass edition
Akeneo PIM CE and EE 1.6.6, 1.5.15, 1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution...
AZL-9649 CVE-2022-1292 affecting package openssl for versions less than 1.1.1k-15
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the...
maven-shared-utils: Command injection via Commandline class
A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack...