20 matches found
Unity Linux 20.1060e / 20.1070e Security Update: nodejs-jison (UTSA-2026-016653)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016653 advisory. Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks. Tenable has extracted the preceding description block directly...
EUVD-2020-1438
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-8178
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks. CVE-2020-8178 Note that Nessus relies on the presence of t...
OESA-2022-2046 nodejs-jison security update
A parser generator with Bison's API. Security Fixes: Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks.CVE-2020-8178...
OESA-2022-1546 nodejs-jison security update
A parser generator with Bison's API. Security Fixes: Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks.CVE-2020-8178...
Security Bulletin: A security vulnerability in Node.js jison affects IBM Cloud Pak for Multicloud Management Managed Service.
Summary A security vulnerability in Node.js jison affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2020-8178 DESCRIPTION: Node.js jison could allow a remote attacker to execute arbitrary commands on the system, caused by insufficient input...
Security Bulletin: A security vulnerability in Node.js jison affectsI BM Cloud Automation Manager
Summary A security vulnerability in Node.js jison affectsI BM Cloud Automation Manager Vulnerability Details CVEID: CVE-2020-8178 DESCRIPTION: Node.js jison could allow a remote attacker to execute arbitrary commands on the system, caused by insufficient input validation. By sending a specially...
Command Injection
Overview Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks. Recommendation No fix is currently available. Consider using an alternative package until a fix is made available. References - https://github.com/advisories/GHSA-vr9x-mm65-2438...
GHSA-VR9X-MM65-2438 Command Injection in jison
Withdrawn: This vulnerability is not present in the released npm package. Rather the vulnerable code is part of the repo, but not part of the package. See linked hackerone report for more details. Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks...
Command Injection in jison
Withdrawn: This vulnerability is not present in the released npm package. Rather the vulnerable code is part of the repo, but not part of the package. See linked hackerone report for more details. Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks...
CVE-2020-8178
Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks...
CVE-2020-8178
Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks...
CVE-2020-8178
Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks...
UBUNTU-CVE-2020-8178
Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks...
CVE-2020-8178
Summary: CVE-2020-8178 concerns the npm package jison (versions
CVE-2020-8178
Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks...
CVE-2020-8178
Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks...
OS Command Injection
jison is vulnerable to OS Command Injection. The vulnerability exists as it does not properly handle the command argument which is used in childprocess.exec...
Command Injection in zaach/jison
Overview jison is a package that provides an API for creating parsers in JavaScript. Affected versions of this package are vulnerable to Command Injection. Arbitrary OS shell command execution is possible through a crafted command-line argument...
Node.js third-party modules: OS Command Injection on Jison [all-parser-ports]
I would like to report OS Command Injection vulnerability on Jison in parser ports. CSharp, PHP It allows arbitrary OS shell command execution through a crafted command-line argument. Basic Information Module: jison Version: 0.4.18 NPM Project Page: https://www.npmjs.com/package/jison Module...