3 matches found
PYSEC-2026-281 Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
APKLeaks prior to v2.0.4 allows remote authenticated attackers to execute arbitrary OS commands via the package name inside the application manifest. Impact: An authenticated attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or...
manifest-confusion-check (>=0.1.0 <=0.1.8), manifest-confusion-dependency-package (=1.0.0) +1 more potentially affected by unknown CVE via darcyclarke-manifest-pkg (=2.1.15)
darcyclarke-manifest-pkg NPM version =2.1.15 is affected by a known vulnerability. The following packages have a transitive dependency on darcyclarke-manifest-pkg and may be impacted: - manifest-confusion-check =0.1.0, =0.1.8 - manifest-confusion-dependency-package =1.0.0 -...
Improper Interaction Between Multiple Correctly-Behaving Entities
Overview: darcyclarke-manifest-pkg is a research package to demonstrate the technique of manifest confusion. Affected versions of this package are vulnerable to Improper Interaction Between Multiple Correctly-Behaving Entities. This is not a vulnerability on its own. This package is a proof of...