54 matches found
CVE-2026-49091
Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection via Log Injection-Tampering-Forging CAPEC-93. An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...
CVE-2026-49091
CVE-2026-49091 affects Kibana and is caused by improper output neutralization for logs (CWE-117), enabling log injection when log content is viewed in terminals that interpret control sequences. Affected: Kibana 7.x up to 7.17.14 and 8.x up to 8.11.0. Remedies: upgrade to 7.17.15 or 8.11.1; mitig...
GitHub CLI 安全漏洞
GitHub CLI is an open-source command-line interface for GitHub. Versions of GitHub CLI from 1.6.0 to 2.92.0 contained a security vulnerability. This vulnerability stemmed from the lack of cleaning terminal control sequences when processing GitHub Actions workflow logs. It could allow attackers to...
CLSA-2026-1776959688 busybox: Fix of 4 CVEs
CVE-2018-1000517: fix heap buffer overflow in wget chunked decoding - CVE-2017-16544: reject terminal control sequences in shell tab completion - CVE-2018-20679: reject zero-length DHCP options and validate 4-byte option lengths - CVE-2019-5747: validate DHCPSUBNET option length before decoding...
EUVD-2026-23147
MuPDF mutool does not sanitize PDF metadata fields before writing them to terminal output, allowing attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to the terminal when...
CVE-2026-35651
OpenClaw OpenClaw 2026.2.13 through 2026.3.24 contains an ANSI escape sequence injection vulnerability in approval prompts. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to spoof terminal output by manipulating displayed inf...
PT-2026-4308
Name of the Vulnerable Software and Affected Versions Copilot affected versions not specified Description An issue exists in Copilot where improper neutralization of escape, meta, or control sequences can allow an unauthorized attacker to disclose information over a network. The issue involves th...
CLSA-2026-1768821437 pki-servlet-engine: Fix of 2 CVEs
CVE-2025-31651: fix improper neutralization of escape, meta, or control sequences - CVE-2025-55752: fix relative path traversal vulnerability...
CVE-2025-67746 Composer vulnerable to ANSI sequence injection
Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and...
CVE-2025-55754
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an...
EUVD-2018-12735
Malware in sbrugna...
EUVD-2022-2922
Malicious code in bioql PyPI...
EUVD-2022-0579
Malicious code in bioql PyPI...
Amazon Linux 2023 : git, git-all, git-core (ALAS2023-2025-1014)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1014 advisory. Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called...
git: The sideband payload is passed unfiltered to the terminal in git
A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with "remote:" and printed directly to the standard error output. Typically, thi...
CVE-2025-31651
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...
BIT-GIT-2024-52005 The sideband payload is passed unfiltered to the terminal in git
Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the...
CVE-2024-52005
A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with "remote:" and printed directly to the standard error output. Typically, thi...
UBUNTU-CVE-2024-52005
Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the...
PT-2024-30655 · Gitoxide · Gitoxide
Name of the Vulnerable Software and Affected Versions: gitoxide affected versions not specified Description: The gix and ein commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometim...