4 matches found
CVE-2026-34243
wenxian is a tool to generate BIBTEX files from given identifiers DOI, PMID, arXiv ID, or paper title. In versions 0.3.1 and prior, a GitHub Actions workflow uses untrusted user input from issuecomment.body directly inside a shell command, allowing potential command injection and arbitrary code...
CVE-2026-34243 wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`
wenxian is a tool to generate BIBTEX files from given identifiers DOI, PMID, arXiv ID, or paper title. In versions 0.3.1 and prior, a GitHub Actions workflow uses untrusted user input from issuecomment.body directly inside a shell command, allowing potential command injection and arbitrary code...
CVE-2026-34243 wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`
wenxian is a tool to generate BIBTEX files from given identifiers DOI, PMID, arXiv ID, or paper title. In versions 0.3.1 and prior, a GitHub Actions workflow uses untrusted user input from issuecomment.body directly inside a shell command, allowing potential command injection and arbitrary code...
wenxian 操作系统命令注入漏洞
Wenxian is a tool developed by Jinzhe Zeng as a reference format generator based on document identifiers. Versions of Wenxian 0.3.1 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the use of unvalidated user input directly in...