120 matches found
OpenClaw has an exec allowlist bypass via command substitution/backticks inside double quotes
Summary Exec approvals allowlist bypass via command substitution/backticks inside double quotes. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.2 Impact Only affects setups that explicitly enable the optional exec approvals allowlist feature. Default installs are...
EUVD-2017-15006
Malware in sbrugna...
EUVD-2023-53277
Malicious code in bioql PyPI...
GHSA-CJ5W-8MJF-R5F8 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"
Overview On many platforms, a third party can create a Git repository under a name that includes a shell command substitution ^1 string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions ^2. If a user starts jupyter-lab in a parent directory of this...
CVE-2025-30370 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"
jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If...
Linux Distros Unpatched Vulnerability : CVE-2023-49284
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for...
RHEL 5 : bash (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution CVE-2016-7543 - bash: when...
Denial Of Service
fish:sid is vulnerable to Denial of service. The vulnerability due to allow these markers to be read on command substitution output, rather than transforming them into a safe internal representation. It leads to unexpected behavior with direct input and allow an attacker to execute denial of...
OESA-2023-1939 fish security update
fish is a fully-equipped command line shell like bash or zsh that is smart and user-friendly. fish supports powerful features like syntax highlighting, autosuggestions, and tab completions that just work, with nothing to learn or configure. Security Fixes: fish is a smart and user-friendly comman...
OESA-2023-1938 fish security update
fish is a fully-equipped command line shell like bash or zsh that is smart and user-friendly. fish supports powerful features like syntax highlighting, autosuggestions, and tab completions that just work, with nothing to learn or configure. Security Fixes: fish is a smart and user-friendly comman...
OESA-2023-1940 fish security update
fish is a fully-equipped command line shell like bash or zsh that is smart and user-friendly. fish supports powerful features like syntax highlighting, autosuggestions, and tab completions that just work, with nothing to learn or configure. Security Fixes: fish is a smart and user-friendly comman...
openSUSE 15 Security Update : fish (openSUSE-SU-2023:0404-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2023:0404-1 advisory. - fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters...
OESA-2023-1933 fish security update
fish is a fully-equipped command line shell like bash or zsh that is smart and user-friendly. fish supports powerful features like syntax highlighting, autosuggestions, and tab completions that just work, with nothing to learn or configure. Security Fixes: fish is a smart and user-friendly comman...
Updated fish packages fix a security vulnerability
Mageia 9 is updated to version 3.6.4 to fix CVE-2023-49284. Mageia 8 receives an upstream patch to fix CVE-2023-49284. CVE-2023-49284: fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command...
MGASA-2023-0344 Updated fish packages fix a security vulnerability
Mageia 9 is updated to version 3.6.4 to fix CVE-2023-49284. Mageia 8 receives an upstream patch to fix CVE-2023-49284. CVE-2023-49284: fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command...
Command substitution output can trigger shell expansion in fish shell
...
SUSE CVE-2023-49284
fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...
CVE-2023-49284
fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...
CVE-2023-49284
fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...
DEBIAN-CVE-2023-49284
fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...