5 matches found
CVE-2026-23879 py7zr: Arbitrary File Write Vulnerability
py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...
CVE-2026-30916
...
CVE-2026-30916
CVE-2026-30916 relates to the Shescape JavaScript library. Prior to version 2.1.9, an attacker could bypass shell escaping when the configured shell pointed to a file that is a chain of symlinks, potentially exposing sensitive information depending on the shell used. A fix is available in 2.1.9. ...
Withdrawn Advisory: Shescape has possible misidentification of shell due to link chains
Withdrawn Advisory This advisory has been withdrawn because it falls outside the https://github.com/ericcornelissen/shescape/blob/a2544a1c78cae19d0e81a485b997bf0b0fcc2c12/SECURITY.mdthreat-model. This link is maintained to preserve external references. Original Description Impact This impacts use...
GHSA-6F6W-6J58-RQ76 Withdrawn Advisory: Shescape has possible misidentification of shell due to link chains
Withdrawn Advisory This advisory has been withdrawn because it falls outside the https://github.com/ericcornelissen/shescape/blob/a2544a1c78cae19d0e81a485b997bf0b0fcc2c12/SECURITY.mdthreat-model. This link is maintained to preserve external references. Original Description Impact This impacts use...