10 matches found
openSUSE 16 Security Update : python-pytest-html (openSUSE-SU-2026:20839-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20839-1 advisory. Changes in python-pytest-html: - CVE-2026-9277: shell-quote: improper escaping of newlines bsc1266254 Update the vendored shell-quote to 1.8.4 nodemodul...
OPENSUSE-SU-2026:20839-1 Security update for python-pytest-html
This update for python-pytest-html fixes the following issues: Changes in python-pytest-html: - CVE-2026-9277: shell-quote: improper escaping of newlines bsc1266254 Update the vendored shell-quote to 1.8.4 nodemodules...
Debian dsa-6300 : node-shell-quote - security update
The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6300 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6300-1 [email protected] https://www.debian.org/security/...
python311-pytest-html-4.2.0-2.1 on GA media (moderate)
python311-pytest-html-4.2.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10861-1 Rating: moderate Cross-References: CVE-2026-9277 CVSS scores: CVE-2026-9277 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-9277 SUSE : 9.2...
[SECURITY] [DSA 6300-1] node-shell-quote security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6300-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 26, 2026 https://www.debian.org/security/faq -...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +28725 more potentially affected by CVE-2026-9277 via shell-quote (>=1.3.3 <=1.8.3)
shell-quote NPM version =1.3.3, =1.0.1, =1.1.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xcorde-pac =1.0.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 -...
org.webjars.npm:github-com-wavesoft-local-echo (=0.2.0), org.webjars.npm:launch-editor (=2.2.1) +2 more potentially affected by CVE-2026-9277 via org.webjars.npm:shell-quote (=1.8.3)
org.webjars.npm:shell-quote MAVEN version =1.8.3 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:shell-quote and may be impacted: - org.webjars.npm:github-com-wavesoft-local-echo =0.2.0 - org.webjars.npm:launch-editor =2.2.1 -...
DEBIAN-CVE-2026-9277
shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...
UBUNTU-CVE-2026-9277
shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...
CVE-2026-9277 shell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op`
shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...