Trivy Action 操作系统命令注入漏洞

Trivy Action is a container vulnerability scanning tool developed by Aqua Security. Versions of Trivy Action prior to 0.33.1 contain an operating system command injection vulnerability. This vulnerability arises from improper handling of input during the process of exporting environment variables...

CVE-2025-48069 ejson2env has insufficient input sanitization

ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the ejson2env tool has a vulnerability related to how it writes to stdout. Specifically, the tool is intended to write an export statement for environment variables and their values...