3 matches found
CVE-2026-15895
OS command injection in the npm package loading component in AWS jsii-diff before 1.131.0 might allow context-dependent attackers to execute arbitrary commands via crafted package specifiers passed to the npm: source argument. To mitigate this issue, users should upgrade to jsii-diff v1.131.0 or...
EUVD-2026-44768
OS command injection in the npm package loading component in AWS jsii-diff before 1.131.0 might allow context-dependent attackers to execute arbitrary commands via crafted package specifiers passed to the npm: source argument. To mitigate this issue, users should upgrade to jsii-diff v1.131.0 or...
CVE-2026-15895
CVE-2026-15895 : OS command injection vulnerability in the npm package loading component of AWS jsii-diff prior to v1.131.0. An attacker could exploit crafted package specifiers passed to the npm: source argument to execute arbitrary commands. Affected software is AWS jsii-diff (npm packaging) wi...