10 matches found
EUVD-2023-0896
Malicious code in bioql PyPI...
CVE-2023-26107
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string...
Arbitrary Code Injection
sketchsvg is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to a lack of user input sanitization when calling the shell.exec method, allowing an attacker to inject and execute malicious code on the system...
SketchSVG Arbitrary Code Injection vulnerability
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string...
GHSA-6722-XVQ8-3254 SketchSVG Arbitrary Code Injection vulnerability
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string...
CVE-2023-26107
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string...
CVE-2023-26107
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string...
CVE-2023-26107
The CVE-2023-26107 entry concerns the SketchSVG package. The vulnerability is an Arbitrary Code Injection flaw caused by calling shell.exec without proper sanitization or parameterization, while the command string concatenates the current directory. Affected software is the sketchsvg package (Nod...
SketchSVG Code Injection Vulnerability
eBay SketchSVG is eBay's tool for extracting icons from Sketch files and compressing them into SVGs. A security vulnerability exists in SketchSVG that stems from vulnerability to arbitrary code injection when shell.exec is called...
Arbitrary Code Injection
Overview: sketchsvg is a command-line tool used to convert and compress Sketch icons/images to SVG and base64 formats. Affected versions of this package are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current...