CVE-2023-21040

In buildCommand of bluetoothccc.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

Google Pixel bluetooth_ccc.cc file logic error vulnerability

Google Pixel, a smartphone from Google, is vulnerable to a logic error in the buildCommand of bluetoothccc.cc, which can be exploited to cause elevation of privileges...

GHSA-WP3J-GV53-4PG8 fs-git command injection vulnerability

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...

fs-git command injection vulnerability

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...

GHSA-QR32-J4J6-3M7R Duplicate Advisory: Command Injection in fs-git

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wp3j-gv53-4pg8. This link is maintained to preserve external references. Original Description Affected versions of fs-git do not sanitize strings passed into the buildCommand method, resulting in arbitrary code...

fs-git command injection vulnerability

fs-git is an open source API file system. A command injection vulnerability exists in fs-git version 1.0.1. The vulnerability stems from the buildCommand method used to create the exec string fails to filter data properly, which can be exploited by an attacker to inject commands and call exec...

Command Injection

fs-git is vulnerable to command injection attacks. These attacks are possible because the buildCommand function doesn't sanitize data before constructing exec strings, allowing attackers to insert and execute commands...

CVE-2017-1000451

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...

Command injection

fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on childprocess.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec...