Lucene search

7 matches found

Veracode
added 2022/06/24 6:29 a.m., 16 views

Arbitrary Command Execution

diffy is vulnerable to arbitrary command execution. The vulnerability exists in the diff function in diff.rb because double quotes in a file name are not properly handled when running in Windows, which allows an attacker to inject and execute arbitrary commands...

9.8 CVSS, 9.3 AI score, 0.0054 EPSS
Exploits 0, References 3, Affected Software 1
Github Security Blog
added 2022/06/24 12:0 a.m., 22 views

Improper handling of double quotes in file name in Diffy in Windows environment

The function that calls the diff tool in versions of Diffy prior to 3.4.1 does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitrary commands via a crafted string...

9.8 CVSS, 9.2 AI score, 0.0054 EPSS
Exploits 0, References 5, Affected Software 1
OSV
added 2022/06/24 12:0 a.m., 26 views

GHSA-5WW9-9QP2-X524 Improper handling of double quotes in file name in Diffy in Windows environment

The function that calls the diff tool in versions of Diffy prior to 3.4.1 does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitrary commands via a crafted string...

9.8 CVSS, 9.5 AI score, 0.0054 EPSS
Exploits 0, References 5
RubySec
added 2022/06/24 12:0 a.m., 20 views

Improper handling of double quotes in file name in Diffy in Windows environment

The function that calls the diff tool in versions of Diffy prior to 3.4.1 does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitrary commands via a crafted string...

9.8 CVSS, 6.5 AI score, 0.0054 EPSS
Exploits 0, References 1, Affected Software 1
OSV
added 2022/06/23 5:15 p.m., 0 views

UBUNTU-CVE-2022-33127

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitrary commands via a crafted string...

9.8 CVSS, 6.1 AI score, 0.0054 EPSS
Exploits 0, References 4
CVE
added 2022/06/22 7:31 p.m., 87 views

CVE-2022-33127

CVE-2022-33127 concerns the Diffy library. The issue arises in the function that calls the diff tool in Diffy 3.4.1, which does not properly handle double quotes in a filename when run on Windows. This insufficient input handling can allow an attacker to execute arbitrary commands via a crafted s...

9.8 CVSS, 9.5 AI score, 0.0054 EPSS
Exploits 0, References 2, Affected Software 1
The Hacker News
added 2015/09/04 1:32 a.m., 17 views

Twitter Open Sources 'Diffy' that Automatically Catches Potential Bugs in Code

After Facebook open sourced Thrift Technology, an internally used tool by Facebook, in 2007, rival entity Twitter brings Diffy, an internal Twitter service, to the world. Yesterday, Twitter introduced "Diffy," an open source tool, acting as a helping hand for the software developers to catch bugs,...

7 AI score
Exploits 0