500 matches found
PYSEC-2026-106
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to ...
PYSEC-2026-106
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to ...
CVE-2026-33718
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to ...
CVE-2026-33718
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to ...
CVE-2026-33718
OpenHands CVE-2026-33718 is a command-injection vulnerability disclosed across multiple feeds. It affects the get_git_diff() path in OpenHands 1.5.0 and earlier when the path parameter from the /api/conversations/{conversation_id}/git/diff endpoint is unsafely interpolated into a shell command (g...
CVE-2026-33718 OpenHands is Vulnerable to Command Injection through its Git Diff Handler
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to ...
CVE-2026-33718 OpenHands is Vulnerable to Command Injection through its Git Diff Handler
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to ...
CVE-2026-33718 OpenHands is Vulnerable to Command Injection through its Git Diff Handler
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to ...
OpenHands is Vulnerable to Command Injection through its Git Diff Handler
Summary A Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to a shell command, allowing authenticated attackers to execute arbitra...
GHSA-7H8W-HJ9J-8RJW OpenHands is Vulnerable to Command Injection through its Git Diff Handler
Summary A Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to a shell command, allowing authenticated attackers to execute arbitra...
Command Injection
Overview openhands-ai is an OpenHands: Code Less, Make More Affected versions of this package are vulnerable to Command Injection via the getgitdiff method. An attacker can execute arbitrary commands, read sensitive files, write arbitrary files, establish persistent access, or potentially escape...
PT-2026-28181
Name of the Vulnerable Software and Affected Versions OpenHands versions prior to 1.5.0 Description OpenHands is software for AI-driven development. A Command Injection vulnerability exists in the get git diff method at openhands/runtime/utils/git handler.py:134. The path parameter from the...
CVE-2026-4496
A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function childprocess.exec of the file src/gitUtils.ts of the component showmergediff/quickmergesummary/showfilediff. The manipulation results in os command...
CVE-2026-4496
A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function childprocess.exec of the file src/gitUtils.ts of the component showmergediff/quickmergesummary/showfilediff. The manipulation results in os command...
Git MCP Server 操作系统命令注入漏洞
Git MCP Server is an MCP server developed by Casey Hand individually. Git MCP Server has a vulnerability related to operating system command injection. This vulnerability stems from the use of the childprocess.exec function in the file gitUtils.ts, which contains commands like...
apache-gravitino (>=1.2.0 <=1.2.1rc2), cloudquery-plugin-sdk (=0.1.52) +12 more potentially affected by CVE-2026-32274 via black (>=26.1.0 <=26.3.0)
black PYPI version =26.1.0, =1.2.0, =0.4.0, =2.189.0, =0.12.0, =0.7.4, =0.8.0, =0.1.8, =2.54.8, =0.17.1, =1.2.1, =0.1.2, =0.1.0, =0.1.5 Source cves: CVE-2026-32274 Source advisory: SNYK:PYTHON-BLACK-15518063...
GHSA-8FJ7-8H3W-XWFM vulnerabilities
Vulnerabilities for packages: opa-fips-envoy, crossplane-provider-aws-rolesanywhere, nova-fips, flux-source-watcher-fips, chainctl, crossplane-provider-aws-wafv2-fips, mattermost, caddy-fips, pulumi, grafana-alloy-fips, cluster-api-azure-controller, crossplane-provider-family-aws-fips,...
CVE-2026-27141 vulnerabilities
Vulnerabilities for packages: opa-fips-envoy, crossplane-provider-aws-rolesanywhere, nova-fips, flux-source-watcher-fips, chainctl, crossplane-provider-aws-wafv2-fips, mattermost, caddy-fips, pulumi, grafana-alloy-fips, cluster-api-azure-controller, crossplane-provider-family-aws-fips,...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: chainctl, aactl, flux-image-automation-controller, kubevela, pulumi, terraform-provider-pagerduty, grafana-alloy-fips, lazygit, crossplane-provider-keycloak-fips, crossplane-provider-family-aws-fips, gitaly-fips, gptscript, syft-fips, crossplane-provider-aws-sns, apk...
[SECURITY] Fedora 43 Update: rsync-3.4.1-5.fc43
Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable...