22 matches found
CVE-2026-4092
Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences...
@battis/gas-lighter (>=0.2.0 <=0.5.2), @ciderjs/dgs (>=0.1.0 <=0.1.1) +11 more potentially affected by CVE-2026-4092 via @google/clasp (>=1.5.3 <=3.1.3)
@google/clasp NPM version =1.5.3, =0.2.0, =0.1.0, =0.0.1, =0.0.2, =0.0.2, =2.0.5, =1.0.0, =3.1.1, =0.1.0, =0.0.1, =2.0.0, =4.0.0 Source cves: CVE-2026-4092 Source advisory: OSV:GHSA-HQJG-PWW4-PCGQ...
GHSA-HQJG-PWW4-PCGQ @google/clasp vulnerable to unsafe path traversal cloning or pulling a malicious script
Impact: Allows an attacker to perform a "Path Traversal" attack to modify files outside the project's directory, potentially allowing for running attacker code on the developer's machine. Patches: Fixed in version 3.2.0. Workarounds: Only clone or pull scripts from trusted sources. Review the output of...
EUVD-2026-12047
@google/clasp vulnerable to unsafe path traversal cloning or pulling a malicious script...
CVE-2026-4092 Arbitrary File Write via Path Traversal in Google clasp leading to RCE
Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences...
CVE-2026-4092
CVE-2026-4092 affects Google clasp prior to 3.2.0. A path traversal in filenames within a Google Apps Script project can lead to remote code execution, enabling an attacker to write arbitrary files on the host. Affected versions:
PT-2026-25324
Arbitrary File Write via Path Traversal in Google clasp leading to RCE. CVE: CVE-2026-4092; Vendor: Google; Product: Clasp; CVSS: 8.7; Credits: n/a. Description: Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script...
Clasp Security Vulnerability
Clasp is a command-line tool open-sourced by Google. Versions of Clasp prior to 3.2.0 contained a security vulnerability, which was caused by a path traversal issue, potentially leading to remote code execution...
Directory Traversal
Overview: @google/clasp is a tool to develop Apps Script projects locally. Affected versions of this package are vulnerable to Directory Traversal in the fetchRemote function in files.ts. An attacker can overwrite files outside the intended project directory via pull and clone commands. Details: A Directory...
multi-clasp2 (=4.0.0) potentially affected by CVE-2026-4092 via @google/clasp (=3.1.3)
@google/clasp NPM version =3.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on @google/clasp and may be impacted: - multi-clasp2 =4.0.0 Source cves: CVE-2026-4092 Source advisory: SNYK:JS-GOOGLECLASP-15248426...
Our PR team awarded me the “The Best Positive Speaker 2025” metal pin for public speaking, articles, and media commentary
Our PR team awarded me the “The Best Positive Speaker 2025” metal pin for public speaking, articles, and media commentary. Huge thanks to my colleagues for this! I’m very pleased. 😇 The collection is growing. 😉 This time, the pin is styled like the Friends sitcom logo. It’s made of metal, coated...
Malicious code in clasp-nuzzle-fot819-project (npm)
The package clasp-nuzzle-fot819-project was found to contain malicious code...
MAL-2025-35083 Malicious code in test-mlw2-clasp-maile (npm)
The package test-mlw2-clasp-maile was found to contain malicious code...
MAL-2025-17095 Malicious code in clasp-nuzzle-fot819-project (npm)
The package clasp-nuzzle-fot819-project was found to contain malicious code...
Malicious code in test-mlw2-clasp-maile (npm)
The package test-mlw2-clasp-maile was found to contain malicious code...
in clasp-developers/clasp
Description: Clasp uses printf to log errors and useful information. In one instance of this logging, the printf call specifies format operators but lacks the appropriate arguments, leading to unrelated bytes being included in the output. Impact: This vulnerability is capable of allowing an...