4 matches found
CVE-2026-44604
A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...
EUVD-2026-32726
A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially...
PT-2026-44197
Name of the Vulnerable Software and Affected Versions RPM affected versions not specified Description A command injection issue exists in the rpmuncompress utility. When extracting ZIP, 7z, or GEM archive formats to a destination directory, the tool fails to sanitize the top-level folder name...
The vulnerability of the RubyGems package management system, related to the possibility of cross-site scripting, allows a hacker to cause a service failure.
The vulnerability of the RubyGems package management system is related to the possibility of cross-site scripting execution. Exploiting this vulnerability allows a malicious actor to cause service failures using a specially crafted gem archive...