17 matches found
EUVD-2025-16051
Malicious code in bioql PyPI...
Malicious code in ejson2env (npm)
The package ejson2env was found to contain malicious code...
MAL-2025-19280 Malicious code in ejson2env (npm)
The package ejson2env was found to contain malicious code...
SUSE CVE-2025-48069
ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the ejson2env tool has a vulnerability related to how it writes to stdout. Specifically, the tool is intended to write an export statement for environment variables and their values...
Command Injection
github.com/shopify/ejson2env is vulnerable to command injection. The vulnerability is due to improper output sanitization, allowing malicious variable names or values to inject unintended commands into stdout...
GO-2025-3702 Insufficient input sanitization in ejson2env in github.com/Shopify/ejson2env
Insufficient input sanitization in ejson2env in github.com/Shopify/ejson2env...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection due to the improper handling of environment variables during the decryption process. An attacker with control over .ejson files can execute arbitrary commands on the host system by injecting malicious keys or encrypted...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection due to the improper handling of environment variables during the decryption process. An attacker with control over .ejson files can execute arbitrary commands on the host system by injecting malicious keys or encrypted...
GHSA-2C47-M757-32G6 Insufficient input sanitization in ejson2env
Summary The ejson2env tool has a vulnerability related to how it writes to stdout. Specifically, the tool is intended to write an export statement for environment variables and their values. However, due to inadequate output sanitization, there is a potential risk where variable names or values m...
Insufficient input sanitization in ejson2env
Summary The ejson2env tool has a vulnerability related to how it writes to stdout. Specifically, the tool is intended to write an export statement for environment variables and their values. However, due to inadequate output sanitization, there is a potential risk where variable names or values m...
CVE-2025-48069
ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the ejson2env tool has a vulnerability related to how it writes to stdout. Specifically, the tool is intended to write an export statement for environment variables and their values...
CVE-2025-48069 ejson2env has insufficient input sanitization
ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the ejson2env tool has a vulnerability related to how it writes to stdout. Specifically, the tool is intended to write an export statement for environment variables and their values...
CVE-2025-48069 ejson2env has insufficient input sanitization
ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the ejson2env tool has a vulnerability related to how it writes to stdout. Specifically, the tool is intended to write an export statement for environment variables and their values...
CVE-2025-48069
CVE-2025-48069 affects the ejson2env tool (Shopify) prior to version 2.0.8, where stdout writes are not adequately sanitized. The vulnerability permits variable names or values in decrypted EJSON to inject additional commands when the exported environment variables are evaluated or sourced, poten...
Insufficient input sanitization in ejson2env
Summary The ejson2env tool has a vulnerability related to how it writes to stdout. Specifically, the tool is intended to write an export statement for environment variables and their values. However, due to inadequate output sanitization, there is a potential risk where variable names or values m...
PT-2025-22412 · Ejson2Env · Ejson2Env
Name of the Vulnerable Software and Affected Versions: ejson2env versions prior to 2.0.8 Description: The issue is related to inadequate output sanitization in the ejson2env tool, which can lead to command injection. This occurs when variable names or values contain malicious content, resulting i...
ejson2env operating system command injection vulnerability
ejson2env is a Shopify open source tool for decrypting EJSON secrets and exporting them as environment variables. An operating system command injection vulnerability exists in ejson2env versions prior to 2.0.8, which stems from insufficient output sanitization and could lead to command injection...