Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/06/16 7:7 p.m.14 views

Deno: Command Injection via spawnSync & spawn on Windows

Summary Deno's node:childprocess implementation provided an escapeShellArg helper used when callers passed shell: true to spawn / spawnSync / exec and friends. On Windows, the helper failed to quote arguments that contained cmd.exe metacharacters such as &, |, , ^, !, , , and did not neutralize %...

9.8CVSS5.8AI score0.02213EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.9 views

PT-2026-50146

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.10 Description In the node:child process implementation on Windows, the escapeShellArg helper function fails to properly quote arguments containing cmd.exe metacharacters such as &, |, , ^, !, , and and does not...

8.1CVSS6.2AI score0.00283EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.6 views

SUSE CVE-2026-35386

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in sshconfig...

3.6CVSS6AI score0.00247EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.7 views

PT-2026-29833

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.3 Description OpenSSH versions before 10.3 may allow command execution through shell metacharacters present in a username specified within a command line. This requires an untrusted username on the command line and...

8.1CVSS6.7AI score0.00419EPSS
Exploits0References56
Rows per page
Query Builder