
20 matches found

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2022-5947

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.01665
Exploits 0 | References 6

Tenable Nessus
added 2025/08/30 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-33127

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attacke...

CVSS 9.8 | AI score 7.6 | EPSS 0.01665
Exploits 0 | References 2

SUSE CVE
added 2023/02/15 3:25 a.m. | 2 views

SUSE CVE-2022-33127

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string...

CVSS 9.8 | AI score 9.4 | EPSS 0.01665
Exploits 0 | References 3

RedhatCVE
added 2022/06/28 4:35 p.m. | 35 views

CVE-2022-33127

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string...

CVSS 9.8 | AI score 6.6 | EPSS 0.01665
Exploits 0 | References 3

Snyk
added 2022/06/24 10:17 a.m. | 0 views

Remote Code Execution (RCE)

Overview: diffy is a convenient diffing gem in Ruby. Affected versions of this package are vulnerable to Remote Code Execution (RCE). The function that calls the diff tool does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitra...

CVSS 9.8 | AI score 8 | EPSS 0.01665
Exploits 0 | References 2

Veracode
added 2022/06/24 6:29 a.m. | 19 views

Arbitrary Command Execution

diffy is vulnerable to arbitrary command execution. The vulnerability exists in diff function in diff.rb because the double quotes of a file when running in Windows are not properly handled which allows an attacker to inject and execute arbitrary commands...

CVSS 9.8 | AI score 9.3 | EPSS 0.01665
Exploits 0 | References 3 | Affected Software 1

OSV
added 2022/06/24 12:00 a.m. | 27 views

GHSA-5WW9-9QP2-X524 Improper handling of double quotes in file name in Diffy in Windows environment

The function that calls the diff tool in versions of Diffy prior to 3.4.1 does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitrary commands via a crafted string...

CVSS 9.8 | AI score 9.5 | EPSS 0.01665
Exploits 0 | References 5

Github Security Blog
added 2022/06/24 12:00 a.m. | 22 views

Improper handling of double quotes in file name in Diffy in Windows environment

The function that calls the diff tool in versions of Diffy prior to 3.4.1 does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitrary commands via a crafted string...

CVSS 9.8 | AI score 9.2 | EPSS 0.01665
Exploits 0 | References 5 | Affected Software 1

RubySec
added 2022/06/24 12:00 a.m. | 20 views

Improper handling of double quotes in file name in Diffy in Windows environment

The function that calls the diff tool in versions of Diffy prior to 3.4.1 does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitrary commands via a crafted string...

CVSS 9.8 | AI score 6.5 | EPSS 0.01665
Exploits 0 | References 1 | Affected Software 1

NVD
added 2022/06/23 5:15 p.m. | 18 views

CVE-2022-33127

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string...

CVSS 9.8 | EPSS 0.01665
Exploits 0 | References 2

ATTACKERKB
added 2022/06/23 5:15 p.m. | 3 views

CVE-2022-33127

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string...

CVSS 9.8 | AI score 6.1 | EPSS 0.01665
Exploits 0 | References 3

OSV
added 2022/06/23 5:15 p.m. | 11 views

CVE-2022-33127

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string...

CVSS 9.8 | AI score 7.5
Exploits 0 | References 2

Prion
added 2022/06/23 5:15 p.m. | 13 views

Spoofing

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string...

CVSS 7.5 | AI score 9.5 | EPSS 0.01665
Exploits 0 | References 2 | Affected Software 1

UbuntuCve
added 2022/06/23 5:15 p.m. | 25 views

CVE-2022-33127

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string...

CVSS 9.8 | AI score 7.5 | EPSS 0.01665
Exploits 0 | References 3

OSV
added 2022/06/23 5:15 p.m. | 0 views

UBUNTU-CVE-2022-33127

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string...

CVSS 9.8 | AI score 6.1 | EPSS 0.01665
Exploits 0 | References 4

CNNVD
added 2022/06/23 12:00 a.m. | 6 views

Diffy Security Vulnerability

Diffy is a simple distinction in Ruby by Sam Goldstein, a personal developer. Diffy suffers from a security vulnerability that stems from the fact that the function that calls the diff utility in Diffy 3.4.1 does not properly handle double quotes in filenames when running in a Windows environment...

CVSS 9.8 | AI score 8.6 | EPSS 0.01665
Exploits 0 | References 4

Cvelist
added 2022/06/22 7:31 p.m. | 19 views

CVE-2022-33127

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string...

AI score 9.8 | EPSS 0.01665
Exploits 0 | References 2

CVE
added 2022/06/22 7:31 p.m. | 87 views

CVE-2022-33127

CVE-2022-33127 concerns the Diffy library. The issue arises in the function that calls the diff tool in Diffy 3.4.1, which does not properly handle double quotes in a filename when run on Windows. This insufficient input handling can allow an attacker to execute arbitrary commands via a crafted s...

CVSS 9.8 | AI score 9.5 | EPSS 0.01665
Exploits 0 | References 2 | Affected Software 1

Debian CVE
added 2022/06/22 7:31 p.m. | 20 views

CVE-2022-33127

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string...

CVSS 9.8 | AI score 9.6 | EPSS 0.01665
Exploits 0

The Hacker News
added 2015/09/04 1:32 a.m. | 18 views

Twitter Open Sources 'Diffy' that Automatically Catches Potential Bugs in Code

After Facebook open sourced Thrift Technology, an internally used tool by Facebook, in 2007, rival entity Twitter brings Diffy, an internal Twitter service, to the world. Yesterday, Twitter introduced "Diffy," an open source tool, acting as a helping hand for the software developers to catch bugs,...

AI score 7
Exploits 0