2 matches found
Arbitrary Command Injection
Overview renovate is a dependency updater. Affected versions of this package are vulnerable to Arbitrary Command Injection due to the improper sanitazation of user-supplied depName in the packagesToUpdate functions of gleam manager. An attacker can execute arbitrary commands on the host system by...
Arbitrary Command Injection
Overview renovate is a dependency updater. Affected versions of this package are vulnerable to Arbitrary Command Injection due to the improper sanitazation of user-supplied depName in the packagesToInstall and packagesToUninstall functions of hermit manager. An attacker can execute arbitrary...