120 matches found

GitHub Security Blog
added 2026/02/17 4:46 p.m. | 11 views

OpenClaw has an exec allowlist bypass via command substitution/backticks inside double quotes

Summary Exec approvals allowlist bypass via command substitution/backticks inside double quotes. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.2 Impact Only affects setups that explicitly enable the optional exec approvals allowlist feature. Default installs are...

9.8 CVSS | 5.5 AI score | 0.00476 EPSS
Exploits 0 | References 6 | Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-15006

Malware in sbrugna...

7.8 CVSS | 7.7 AI score | 0.00425 EPSS
Exploits 2 | References 7

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-53277

Malicious code in bioql PyPI...

6.6 CVSS | 6.4 AI score | 0.00475 EPSS
Exploits 1 | References 3

OSV
added 2025/04/04 2:5 p.m. | 8 views

GHSA-CJ5W-8MJF-R5F8 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"

Overview On many platforms, a third party can create a Git repository under a name that includes a shell command substitution ^1 string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions ^2. If a user starts jupyter-lab in a parent directory of this...

7.4 CVSS | 8.2 AI score | 0.00543 EPSS
Exploits 0 | References 6

Vulnrichment
added 2025/04/03 10:0 p.m. | 8 views

CVE-2025-30370 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"

jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If...

7.4 CVSS | 7.3 AI score | 0.00543 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2025/03/05 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2023-49284

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for...

6.6 CVSS | 6.6 AI score | 0.00475 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2024/05/11 12:0 a.m. | 12 views

RHEL 5 : bash (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution CVE-2016-7543 - bash: when...

7.6 AI score | 0.02608 EPSS
Exploits 5 | References 3

Veracode
added 2023/12/25 2:3 p.m. | 14 views

Denial Of Service

fish:sid is vulnerable to denial of service. The vulnerability is due to allowing these markers to be read on command substitution output, rather than transforming them into a safe internal representation. It leads to unexpected behavior with direct input and allows an attacker to execute denial of...

6.6 CVSS | 7.3 AI score | 0.00475 EPSS
Exploits 1 | References 4 | Affected Software 1

OSV
added 2023/12/22 11:6 a.m. | 3 views

OESA-2023-1939 fish security update

fish is a fully-equipped command line shell like bash or zsh that is smart and user-friendly. fish supports powerful features like syntax highlighting, autosuggestions, and tab completions that just work, with nothing to learn or configure. Security Fixes: fish is a smart and user-friendly comman...

6.6 CVSS | 6.6 AI score | 0.00475 EPSS
Exploits 1 | References 2

OSV
added 2023/12/22 11:6 a.m. | 3 views

OESA-2023-1938 fish security update

fish is a fully-equipped command line shell like bash or zsh that is smart and user-friendly. fish supports powerful features like syntax highlighting, autosuggestions, and tab completions that just work, with nothing to learn or configure. Security Fixes: fish is a smart and user-friendly comman...

6.6 CVSS | 6.6 AI score | 0.00475 EPSS
Exploits 1 | References 2

OSV
added 2023/12/22 11:6 a.m. | 3 views

OESA-2023-1940 fish security update

fish is a fully-equipped command line shell like bash or zsh that is smart and user-friendly. fish supports powerful features like syntax highlighting, autosuggestions, and tab completions that just work, with nothing to learn or configure. Security Fixes: fish is a smart and user-friendly comman...

6.6 CVSS | 6.6 AI score | 0.00475 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2023/12/17 12:0 a.m. | 19 views

openSUSE 15 Security Update : fish (openSUSE-SU-2023:0404-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2023:0404-1 advisory. - fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters...

6.6 CVSS | 6.5 AI score | 0.00475 EPSS
Exploits 1 | References 4

OSV
added 2023/12/15 11:6 a.m. | 4 views

OESA-2023-1933 fish security update

fish is a fully-equipped command line shell like bash or zsh that is smart and user-friendly. fish supports powerful features like syntax highlighting, autosuggestions, and tab completions that just work, with nothing to learn or configure. Security Fixes: fish is a smart and user-friendly comman...

6.6 CVSS | 6.6 AI score | 0.00475 EPSS
Exploits 1 | References 2

Mageia
added 2023/12/12 9:19 p.m. | 22 views

Updated fish packages fix a security vulnerability

Mageia 9 is updated to version 3.6.4 to fix CVE-2023-49284. Mageia 8 receives an upstream patch to fix CVE-2023-49284. CVE-2023-49284: fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command...

6.6 CVSS | 7.2 AI score | 0.00475 EPSS
Exploits 1 | References 1

OSV
added 2023/12/12 9:19 p.m. | 8 views

MGASA-2023-0344 Updated fish packages fix a security vulnerability

Mageia 9 is updated to version 3.6.4 to fix CVE-2023-49284. Mageia 8 receives an upstream patch to fix CVE-2023-49284. CVE-2023-49284: fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command...

6.6 CVSS | 6.5 AI score | 0.00475 EPSS
Exploits 1 | References 2

Microsoft CVE
added 2023/12/09 8:0 a.m. | 5 views

Command substitution output can trigger shell expansion in fish shell

...

6.6 CVSS | 7 AI score | 0.00475 EPSS
Exploits 1

SUSE CVE
added 2023/12/06 2:4 a.m. | 3 views

SUSE CVE-2023-49284

fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...

4.4 CVSS | 6.7 AI score | 0.00475 EPSS
Exploits 1 | References 5

AlpineLinux
added 2023/12/05 12:15 a.m. | 28 views

CVE-2023-49284

fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...

6.6 CVSS | 7.3 AI score | 0.00475 EPSS
Exploits 1

NVD
added 2023/12/05 12:15 a.m. | 18 views

CVE-2023-49284

fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...

6.6 CVSS | 0.00475 EPSS
Exploits 1 | References 3

OSV
added 2023/12/05 12:15 a.m. | 2 views

DEBIAN-CVE-2023-49284

fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than...

6.6 CVSS | 6.5 AI score | 0.00475 EPSS
Exploits 1 | References 1