Lucene search
K

6 matches found

Snyk
Snyk
added 2026/05/27 11:20 p.m.8 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the check field in metadata files due to unsafe execution using /bin/bash -c. An attacker can craft malicious metadata that executes arbitrary shell commands on the victim’s system when common uniget operations suc...

8.6CVSS6AI score0.00715EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/27 11:20 p.m.14 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the check field in metadata files due to unsafe execution using /bin/bash -c. An attacker can craft malicious metadata that executes arbitrary shell commands on the victim’s system when common uniget operations suc...

8.6CVSS6AI score0.00715EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 9:5 p.m.33 views

CVE-2026-45152 uniget: Command Injection in tool.Check Leading to Arbitrary Code Execution

uniget is a universal installer and updater for container tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without...

7.8CVSS0.00715EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:5 p.m.24 views

CVE-2026-45152

CVE-2026-45152 affects uniget prior to 0.27.1, where a command injection is possible via the check field loaded from untrusted JSON metadata. The implementation runs /bin/bash -c on tool.Check, allowing an attacker-controlled value to execute arbitrary shell commands during common operations (des...

7.8CVSS6.4AI score0.00715EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/16 5:30 a.m.9 views

Command Injection

uniget is vulnerable to Command Injection. The vulnerability is due to unsafe execution of the untrusted check field from metadata files through /bin/bash -c without proper validation or sanitization, which allows an attacker to execute arbitrary shell commands on the victim's system...

7.8CVSS6.2AI score0.00715EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/13 12:0 a.m.10 views

uniget is Vulnerable to Command Injection in tool.Check Leading to Arbitrary Code Execution

A command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without validation or sanitization, an attacker can craft malicious metadata that executes...

7.8CVSS6.3AI score0.00715EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder