2 matches found
CVE-2022-25168
Apache Hadoop's FileUtil.unTarFile, File API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in...
Design/Logic Flaw
This affects all versions of package mock2easy. a malicious user could inject commands through the data variable: Affected Area require'../server/getJsonByCurl'mock2easy, function error, stdout if error return res.json500, error; res.jsonJSON.parsestdout; , '', data.interfaceUrl, query,...