6 matches found
EUVD-2026-4954
Inspektor Gadget: Command Injection via malicious buildOptions manipulation...
GHSA-79QW-G77V-2VFH Inspektor Gadget: Command Injection via malicious buildOptions manipulation
Impacted Resources inspektor-gadget/cmd/common/image/build.go inspektor-gadget/cmd/common/image/helpers/Makefile.build Description The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...
CVE-2026-24905 Inspektor Gadget has a Command Injection vulnerability in Makefile.build
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...
CVE-2026-24905 Inspektor Gadget has a Command Injection vulnerability in Makefile.build
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...
CVE-2026-24905
CVE-2026-24905 affects Inspektor Gadget. The vulnerability arises from unsafe embedding of user-controlled data in the Makefile.build template used during ig image build, allowing command injection via buildOptions extracted from the gadget manifest. Before version 0.48.1, an attacker who can inf...
PinTools
This repository is an example and proof-of-concept PoC for dynamic binary analysis using the Pin tool. The code is designed to detect the classical use-after-free vulnerability. The Pin tool is a dynamic binary instrumentation framework that allows developers to analyze and modify the behavior of...