Lucene search
+L

4 matches found

snyk
snyk
added 2026/06/19 8:47 p.m.4 views

Command Injection

Overview @cyclonedx/cyclonedx-npm is a Create CycloneDX Software Bill of Materials SBOM from NPM projects. Affected versions of this package are vulnerable to Command Injection via the --workspace argument when the environment variable npmexecpath is unset or empty. An attacker can execute...

8.5CVSS6.2AI score0.0016EPSS
Exploits0References2
osv
osv
added 2026/04/22 6:31 p.m.17 views

GHSA-2CXP-XQ3C-MJXX Duplicate Advisory: uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2w8r-9xj7-69j5. This link is maintained to preserve external references. Original Description The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU...

3.3CVSS5.8AI score0.00133EPSS
Exploits0References5
osv
osv
added 2026/04/22 4:7 p.m.3 views

CVE-2026-35342 uutils coreutils mktemp Insecure Temporary File Placement via Empty TMPDIR

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

3.3CVSS5.9AI score0.00133EPSS
Exploits0References6
cve
cve
added 2026/04/22 4:7 p.m.20 views

CVE-2026-35342

CVE-2026-35342 affects the mktemp utility in the uutils coreutils project. The issue arises because the implementation does not treat an empty TMPDIR as a fallback to /tmp (unlike GNU mktemp); instead, it treats an empty string as a valid path, causing temporary files to be created in the current...

3.3CVSS5.7AI score0.00133EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder