2 matches found
OS Command Injection
github.com/neuvector/neuvector is vulnerable to OS Command Injection. The vulnerability is due to unsanitized use of the environment variables CLUSTERRPCPORT and CLUSTERLANPORT in shell commands executed via popen, which allows an attacker to inject and execute arbitrary commands within the...
CVE-2025-54469 NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow
A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer...