Lucene search
+L

51 matches found

Snyk
Snyk
added 2026/07/01 9:19 p.m.4 views

Command Injection

Overview aws-cdk-lib is a Version 2 of the AWS Cloud Development Kit library Affected versions of this package are vulnerable to Command Injection via the OsCommand helper in the Docker bundling process. An attacker can execute arbitrary commands on the host running the toolchain by injecting she...

7.3CVSS6.2AI score0.0061EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 7:5 p.m.7 views

CVE-2026-13760

OS command injection in the NodejsFunction Docker bundling pipeline OsCommand helper in AWS aws-cdk-lib on all platforms might allow a actor who controls dependency version strings in a project's package.json file to execute arbitrary commands on the host running the CDK toolchain via injected...

7.3CVSS6.1AI score0.0061EPSS
Exploits0References4
OSV
OSV
added 2026/07/01 7:5 p.m.3 views

CVE-2026-13760 OS Command Injection in aws-cdk-lib Docker Bundling

OS command injection in the NodejsFunction Docker bundling pipeline OsCommand helper in AWS aws-cdk-lib on all platforms might allow a actor who controls dependency version strings in a project's package.json file to execute arbitrary commands on the host running the CDK toolchain via injected...

7CVSS6.2AI score0.0061EPSS
Exploits0References5
NVD
NVD
added 2026/06/29 4:16 p.m.27 views

CVE-2026-13749

Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowed arbitrary code execution during application bundling or deployment. An attacker could exploit this by supplying crafted project content that is interpolated into generate...

8.8CVSS0.0037EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 4:2 p.m.7 views

EUVD-2026-40135

Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowed arbitrary code execution during application bundling or deployment. An attacker could exploit this by supplying crafted project content that is interpolated into generate...

8.8CVSS6.5AI score0.0037EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 4:2 p.m.24 views

CVE-2026-13749

Snowflake CLI prior to 3.19 is affected by Improper neutralization in the Snowpark annotation processor callback template, enabling arbitrary code execution during bundling or deployment. An attacker can supply crafted project content that is interpolated into generated Python code, causing code ...

8.8CVSS6.5AI score0.0037EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/29 4:2 p.m.3 views

CVE-2026-13749 Snowflake CLI Arbitrary Code Execution via Snowpark Annotation Processor Template Injection

Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowed arbitrary code execution during application bundling or deployment. An attacker could exploit this by supplying crafted project content that is interpolated into generate...

8.8CVSS6.6AI score0.0037EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53312

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper neutralization in the Snowpark annotation processor callback template allows arbitrary code execution during application bundling or deployment. An attacker can exploit this by providin...

8.8CVSS6.5AI score0.0037EPSS
Exploits0References4
Veracode
Veracode
added 2026/06/16 5:23 a.m.12 views

Command Injection

aws-cdk-lib is vulnerable to Command Injection. The vulnerability is due to improper sanitization of user-controlled bundling properties in the NodejsFunction local bundling pipeline, which allows an attacker to inject shell metacharacters and execute arbitrary commands on the host running the CD...

7.3CVSS5.7AI score0.00936EPSS
Exploits1References7Affected Software1
EUVD
EUVD
added 2026/06/15 8:47 p.m.11 views

EUVD-2026-36076

aws-cdk-lib: OS Command Injection in NodejsFunction Bundling...

7.3CVSS5.3AI score0.00936EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/06/15 8:47 p.m.19 views

aws-cdk-lib: OS Command Injection in NodejsFunction Bundling

Summary AWS CDK aws-cdk-lib is an open-source framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 2.246.0 on Windows might allow a threat actor who...

7.3CVSS6.3AI score0.00936EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/06/15 8:47 p.m.12 views

GHSA-999R-QQ7V-R334 aws-cdk-lib: OS Command Injection in NodejsFunction Bundling

Summary AWS CDK aws-cdk-lib is an open-source framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 2.246.0 on Windows might allow a threat actor who...

7.3CVSS6.3AI score0.00936EPSS
Exploits1References7
Snyk
Snyk
added 2026/06/10 7:23 p.m.7 views

Command Injection

Overview aws-cdk-lib is a Version 2 of the AWS Cloud Development Kit library Affected versions of this package are vulnerable to Command Injection via the NodejsFunction local bundling pipeline, when an attacker controls the value of one or more of the properties externalModules, define, loader,...

7.3CVSS5.9AI score0.00936EPSS
Exploits1References2
NVD
NVD
added 2026/06/10 6:16 p.m.12 views

CVE-2026-11417

OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 2.246.0 on Windows might allow an actor who controls the value of one or more bundling properties externalModules, define, loader, inject, or esbuildArgs to execute arbitrary commands on the host...

7.3CVSS0.00936EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/10 5:39 p.m.35 views

CVE-2026-11417 OS Command Injection in NodejsFunction Bundling in aws-cdk-lib

OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 2.246.0 on Windows might allow an actor who controls the value of one or more bundling properties externalModules, define, loader, inject, or esbuildArgs to execute arbitrary commands on the host...

7.3CVSS0.00936EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/10 5:39 p.m.10 views

CVE-2026-11417 OS Command Injection in NodejsFunction Bundling in aws-cdk-lib

OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 2.246.0 on Windows might allow an actor who controls the value of one or more bundling properties externalModules, define, loader, inject, or esbuildArgs to execute arbitrary commands on the host...

7.3CVSS5.9AI score0.00936EPSS
Exploits1References3
OSV
OSV
added 2026/06/10 5:39 p.m.4 views

CVE-2026-11417 OS Command Injection in NodejsFunction Bundling in aws-cdk-lib

OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 2.246.0 on Windows might allow an actor who controls the value of one or more bundling properties externalModules, define, loader, inject, or esbuildArgs to execute arbitrary commands on the host...

7CVSS6.2AI score0.00936EPSS
Exploits1References5
CVE
CVE
added 2026/06/10 5:39 p.m.62 views

CVE-2026-11417

OS command injection in the NodejsFunction local bundling pipeline of aws-cdk-lib (pre-2.245.0; 2.246.0 on Windows) allows a threat actor who controls bundling properties (externalModules, define, loader, inject, esbuildArgs) to execute arbitrary commands on the host running the CDK toolchain via...

7.3CVSS5.9AI score0.00936EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48489

Name of the Vulnerable Software and Affected Versions aws-cdk-lib versions prior to 2.245.0 aws-cdk-lib versions prior to 2.246.0 Windows Description OS command injection exists in the NodejsFunction local bundling pipeline. An actor who controls the value of one or more bundling...

7.3CVSS6.2AI score0.00936EPSS
Exploits1References11
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/20 4:53 a.m.7 views

Malicious code in json-bundling (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61f19cbc17dc9182ab2266b7b505dedb74da2b797aa6661669f53efd1b86777a The package json-bundling was found to contain malicious code. Source: ghsa-malware debc855dc41e080d6afbfd087c2a01d8d9e5fac885734e59fb2e1adb870d6198...

5.7AI score
Exploits0References1
Rows per page
Query Builder