2646 matches found
CVE-2022-24725
Shescape (JavaScript) versions 1.4.0–1.5.1 are vulnerable to information disclosure on Unix when using Bash with shescape.escape or escapeAll with interpolation: true, exposing the home directory and enabling potential directory traversal depending on output usage. Other shells (Dash, Zsh) are no...
Exposure of home directory through shescape on Unix with Bash
Impact The issue allows for exposure of the home directory on Unix systems when using Bash with the escape or escapeAll functions from the shescape API with the interpolation option set to true. Other tested shells, Dash and Zsh, are not affected. javascript const cp = require"childprocess"; cons...
GHSA-446W-RRM4-R47F Exposure of home directory through shescape on Unix with Bash
Impact The issue allows for exposure of the home directory on Unix systems when using Bash with the escape or escapeAll functions from the shescape API with the interpolation option set to true. Other tested shells, Dash and Zsh, are not affected. javascript const cp = require"childprocess"; cons...
Shescape 操作系统命令注入漏洞
shescape is an open source package of simple shell escaping programs for JavaScript. Use it to escape user-controlled input to shell commands to prevent shell injection. shescape versions 1.4.0 through 1.5.1 are vulnerable to an information disclosure vulnerability that stems from using the escap...
PT-2022-16832 · Shescape · Shescape
Name of the Vulnerable Software and Affected Versions: shescape versions 1.4.0 through 1.5.1 Description: The issue allows for exposure of the home directory on Unix systems when using Bash with the escape or escapeAll functions from the shescape API with the interpolation option set to true. Oth...
GHSA-W4F8-FXQ2-J35V Possible privilege escalation via bash completion script
The bash completion script for fscrypt through v0.3.2 allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a...
Possible privilege escalation via bash completion script
The bash completion script for fscrypt through v0.3.2 allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a...
Command injection in github.com/google/fscrypt
The bashcompletion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoin...
GHSA-WXJG-P59J-6C92 Command injection in github.com/google/fscrypt
The bashcompletion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoin...
Fedora: Security Advisory for nodejs-bash-language-server (FEDORA-2022-7cca5b6d38)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: nodejs-bash-language-server-2.0.0-2.fc35
Bash language server implementation based on Tree Sitter and its grammar for Bash with explainshell integration...
DEBIAN-CVE-2022-25328
The bashcompletion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoin...
UBUNTU-CVE-2022-25328
The bashcompletion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoin...
CVE-2022-25328 Privilege escalation through command injection in fscrypt
The bashcompletion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoin...
CVE-2022-25328 Privilege escalation through command injection in fscrypt
The bashcompletion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoin...
CVE-2022-25328
The bashcompletion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoin...
CVE-2022-25328
The bashcompletion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoin...
Security Bulletin: Vulnerabilities in Bash affect Network Intrusion Prevention System (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM Security Network Intrusion Prevention System. Vulnerability Detail...
Security Bulletin: Vulnerabilities in Bash affect ProtecTIER (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by ProtecTIER. Vulnerability Details CVE-ID : CVE-2014-6271 DESCRIPTION :...
[SECURITY] Fedora 35 Update: rlwrap-0.45.2-1.fc35
rlwrap is a 'readline wrapper' that uses the GNU readline library to allow the editing of keyboard input for any other command. Input history is remembered across invocations, separately for each command; history completion and search work as in bash and completion word lists can be specified on...