11 matches found
CVE-2026-35581
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACENAME parameter — with insufficient sanitization. Only spaces were replaced with underscores, allowing she...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the Executrix utility when configuration-derived values, such as PLACENAME, are concatenated into shell commands without sufficient sanitization. An attacker can achieve arbitrary command execution by supplying...
Emissary has a Command Injection via PLACE_NAME Configuration in Executrix
Summary The Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACENAME parameter — with insufficient sanitization. Only spaces were replaced with underscores, allowing shell metacharacters ;, |, $, , , , etc. to pass through into...
GHSA-6C37-7W4P-JG9V Emissary has a Command Injection via PLACE_NAME Configuration in Executrix
Summary The Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACENAME parameter — with insufficient sanitization. Only spaces were replaced with underscores, allowing shell metacharacters ;, |, $, , , , etc. to pass through into...
EUVD-2026-19730
Emissary has a Command Injection via PLACENAME Configuration in Executrix...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the Executrix utility when configuration-derived values, such as PLACENAME, are concatenated into shell commands without sufficient sanitization. An attacker can achieve arbitrary command execution by supplying...
CVE-2026-35581
Emissary’s Executrix utility creates shell commands by concatenating configuration-derived values (including PLACE_NAME) with insufficient sanitization prior to version 8.39.0. This allowed shell metacharacters to pass into /bin/sh -c command execution, enabling a Command Injection vulnerability....
CVE-2026-35581 Emissary has a Command Injection via PLACE_NAME Configuration in Executrix
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACENAME parameter — with insufficient sanitization. Only spaces were replaced with underscores, allowing she...
CVE-2026-35581 Emissary has a Command Injection via PLACE_NAME Configuration in Executrix
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACENAME parameter — with insufficient sanitization. Only spaces were replaced with underscores, allowing she...
CVE-2026-35581
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACENAME parameter — with insufficient sanitization. Only spaces were replaced with underscores, allowing she...
PT-2026-30893
Name of the Vulnerable Software and Affected Versions Emissary versions prior to 8.39.0 Description Emissary is a P2P based data-driven workflow engine. Prior to version 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values, including the PLA...