GHSA-F2FC-VC88-6W7Q @siteboon/claude-code-ui is Vulnerable to Command Injection via Multiple Parameters
Summary: Multiple Git-related API endpoints use execAsync with string interpolation of user-controlled parameters file, branch, message, commit, allowing authenticated attackers to execute arbitrary OS commands.
Details: The claudecodeui application provides Git integration through various API...
PT-2023-20513 · Unknown · Git-Commit-Info
Name of the Vulnerable Software and Affected Versions: git-commit-info versions prior to 2.0.2
Description: The issue arises from the gitCommitInfo method failing to sanitize its commit parameter, which later flows into a sensitive command execution API. This allows attackers to inject malicious...
PT-2018-3914 · D Link · D-Link Dsl-3782
Name of the Vulnerable Software and Affected Versions: D-Link DSL-3782 versions 1.01
Description: The issue is related to a buffer overflow in the /userfs/bin/tcapi binary of the Diagnostics component in the D-Link DSL-3782 router's firmware. This can be exploited by passing a long buffer as the...