Lucene search
K

4 matches found

NVD
NVD
added 2026/05/26 5:16 p.m.21 views

CVE-2026-44723

Vowpal Wabbit is a machine learning system. The workflow .github/workflows/pythonchecks.yml embeds $ github.event.pullrequest.title directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script...

9.9CVSS0.00469EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/26 3:49 p.m.38 views

CVE-2026-44723 Vowpal Wabbit: Shell injection via crafted PR title in python_checks.yml allows arbitrary command execution on CI runner

Vowpal Wabbit is a machine learning system. The workflow .github/workflows/pythonchecks.yml embeds $ github.event.pullrequest.title directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script...

5CVSS0.00469EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/26 3:49 p.m.10 views

CVE-2026-44723 Vowpal Wabbit: Shell injection via crafted PR title in python_checks.yml allows arbitrary command execution on CI runner

Vowpal Wabbit is a machine learning system. The workflow .github/workflows/pythonchecks.yml embeds $ github.event.pullrequest.title directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script...

5CVSS6.1AI score0.00469EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.14 views

vowpal_wabbit 安全漏洞

vowpalwabbit is an open-source fast online machine learning system developed by Vowpal Wabbit. There is a security vulnerability in vowpalwabbit, which stems from directly embedding PR titles into bash strings within the workflow. This could lead to arbitrary command execution...

9.9CVSS5.9AI score0.00469EPSS
Exploits1References3
Rows per page
Query Builder