
5 matches found

Veracode
added 2025/11/03 8:10 a.m., 7 views

OS Command Injection

github.com/chaos-mesh/chaos-mesh is vulnerable to OS command injection. The vulnerability is due to improper input validation in the cleanIptables mutation, which allows an unauthenticated in-cluster attacker to execute arbitrary commands and achieve remote code execution across the cluster...

CVSS 9.8 | AI score 9.1 | EPSS 0.03269
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2025/09/15 12:31 p.m., 1 views

GHSA-2GCV-3QPF-C5QR Chaos Controller Manager is vulnerable to OS command injection

The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

CVSS 9.8 | AI score 8.5 | EPSS 0.03269
Exploits: 1 | References: 5

Github Security Blog
added 2025/09/15 12:31 p.m., 5 views

Chaos Controller Manager is vulnerable to OS command injection

The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

CVSS 9.8 | AI score 8.5 | EPSS 0.03269
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2025/09/15 11:41 a.m., 19 views

CVE-2025-59361

The provided connected sources confirm CVE-2025-59361 pertains to Chaos Mesh’s Chaos Controller Manager, specifically an OS command injection in the mutation path (cleanIptables). The related entry CVE-2025-59358 describes an unauthenticated exposure via a GraphQL debugging surface that can kill ...

CVSS 9.8 | AI score 8.1 | EPSS 0.03269
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2025/09/15 12:0 a.m., 3 views

Chaos Mesh OS Command Injection Vulnerability

Chaos Mesh is an open source cloud-native engineering platform from Chaos Mesh Open Source. Chaos Mesh has an OS command injection vulnerability in cleanIptables, which could lead to remote code execution...

CVSS 9.8 | AI score 8.3 | EPSS 0.03269
Exploits: 1 | References: 2