2 matches found
GHSA-F5GC-QXF8-MH9G php-weasyprint: shell command injection via configurable WeasyPrint binary path due to inverted is_executable() guard (mirror of KnpLabs/snappy GHSA-vpr4-p6fq-85jc)
Summary pontedilana/php-weasyprint builds the shell command for WeasyPrint by passing the binary path through escapeshellarg first and then checking the quoted result with isexecutable. On POSIX escapeshellarg'/usr/local/bin/weasyprint' returns '/usr/local/bin/weasyprint' with the single-quote...
borgmatic: Shell Injection
Background borgmatic is simple, configuration-driven backup software for servers and workstations. Description Prevent shell injection attacks within the PostgreSQL hook, the MongoDB hook, the SQLite hook, the "borgmatic borg" action, and command hook variable/constant interpolation. Impact Shell...