17 matches found
CVE-2026-28470
OpenClaw versions prior to 2026.2.2 contain an exec approvals (must be enabled) allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers can bypass the allowlist protection by embedding unescaped $ or backticks inside...
CVE-2026-28470
OpenClaw versions prior to 2026.2.2 contain an exec approvals (must be enabled) allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers can bypass the allowlist protection by embedding unescaped $ or backticks inside...
PT-2026-23545
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.2 Description: The software contains a flaw in its exec approvals allowlist, which can be bypassed when command substitution syntax is used. Specifically, attackers can execute arbitrary commands by injecting...
EUVD-2022-3243
Malicious code in bioql PyPI...
USN-6730-1 maven-shared-utils vulnerability
It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell injection attacks. This could allow an attacker to run arbitrary code...
OS Command Injection
maven-shared-utils is vulnerable to OS command injection. The vulnerability exists due to the use of double-quoted strings without proper escaping which allows an attacker to execute shell commands...
GHSA-8VHQ-QQ4P-GRQ3 OS Command Injection in Plexus-utils
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...
Apache Maven Command Injection Vulnerability
Apache Maven, an application from the Apache USA Foundation, is a software project management and understanding tool. Apache Maven Shared Utils suffers from a command injection vulnerability that stems from improper input validation when handling double-quoted strings. A remote attacker could...
Apache Maven Command Injection Vulnerability
Apache Maven, an application from the Apache USA Foundation, is a software project management and understanding tool. Apache Maven Shared Utils suffers from a command injection vulnerability that stems from improper input validation when handling double-quoted strings. A remote attacker could...
OS Command Injection
maven-shared-utils is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the host OS via the Commandline class due to insecure validation and escaping of double-quoted strings...
plexus-utils: Mishandled strings in Commandline class allow for command injection
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...
Command injection
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...
CVE-2017-1000487
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...
CVE-2017-1000487
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...
CVE-2017-1000487
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...
CVE-2017-1000487
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...
PT-2018-3791 · Apache · Plexus-Utils
Name of the Vulnerable Software and Affected Versions: Plexus-utils versions prior to 3.0.16 Description: The issue arises from the incorrect processing of double quoted strings, leading to command injection. This could allow a remote attacker to execute arbitrary commands. Recommendations: For...