Lucene search
K

5 matches found

Cvelist
Cvelist
added 2026/06/23 5:20 p.m.34 views

CVE-2026-49402 Deno: Command Injection via spawnSync & spawn on Windows

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.10, Deno's node:childprocess implementation provided an escapeShellArg helper used when callers passed shell: true to spawn / spawnSync / exec and friends. On Windows, the helper failed to quote arguments that contained cmd.e...

8.1CVSS0.00283EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 5:20 p.m.12 views

CVE-2026-49402

Deno is affected by CVE-2026-49402 on Windows when using node:child_process with shell: true. The escapeShellArg() helper failed to properly quote arguments containing cmd.exe metacharacters (e.g., &, |, , ^, !, (, )), and did not neutralize % inside double-quoted strings. This allowed an attacke...

8.1CVSS6.1AI score0.00283EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 7:7 p.m.15 views

Deno: Command Injection via spawnSync & spawn on Windows

Summary Deno's node:childprocess implementation provided an escapeShellArg helper used when callers passed shell: true to spawn / spawnSync / exec and friends. On Windows, the helper failed to quote arguments that contained cmd.exe metacharacters such as &, |, , ^, !, , , and did not neutralize %...

9.8CVSS5.8AI score0.02213EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.9 views

PT-2026-50146

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.10 Description In the node:child process implementation on Windows, the escapeShellArg helper function fails to properly quote arguments containing cmd.exe metacharacters such as &, |, , ^, !, , and and does not...

8.1CVSS6.2AI score0.00283EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2004/06/07 12:0 a.m.32 views

phpEscape.txt

SEC-CONSULT Security Advisory - PHP: Hypertext Preprocessor Vendor: PHP http://www.php.net Product: PHP 4.3.6 and below verified in 4.3.5 which was current when the bug was discovered Vendor status: vendor contacted 04-04-2004 Patch status: Problem fixed in 4.3.7 =========== DESCRIPTION =========...

Exploits0
Rows per page
Query Builder