Lucene search
+L

5 matches found

nvd
nvd
added 2026/06/26 5:16 p.m.9 views

CVE-2026-45408

Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex ^a-z0-9^/:A-Z$ permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc EOF...

9CVSS0.00234EPSS
Exploits0References2
osv
osv
added 2026/06/26 4:19 p.m.1 views

CVE-2026-45408 Dokku: OS Command Injection via App Name in Git Pre-Receive Hook

Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex ^a-z0-9^/:A-Z$ permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc EOF...

9CVSS6.1AI score0.00234EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/06/26 4:19 p.m.8 views

CVE-2026-45408

Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex ^a-z0-9^/:A-Z$ permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc...

9CVSS5.8AI score0.00234EPSS
Exploits0References3Affected Software1
euvd
euvd
added 2026/06/26 4:19 p.m.10 views

EUVD-2026-39801

Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex ^a-z0-9^/:A-Z$ permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc EOF...

9CVSS6AI score0.00234EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/26 12:0 a.m.22 views

PT-2026-52853

Name of the Vulnerable Software and Affected Versions Dokku versions prior to 0.38.2 Description An issue exists where the app name validation regex permits shell metacharacters. An authenticated user can exploit this by pushing to a git remote using a crafted app name. This name is embedded...

9CVSS6.2AI score0.00234EPSS
Exploits0References5
Rows per page
Query Builder