2 matches found
CVE-2026-54636 Dokku: OS Command Injection via app.json managed Cron
Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, or ; - can break out of the Docker container and...
PT-2026-52854
Name of the Vulnerable Software and Affected Versions Dokku versions prior to 0.38.7 Description The cron plugin uses commands defined in the app.json file to manage system cron tasks running as the Dokku user. If a cron command in app.json contains special shell characters, such as or ;, it can...