Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/04/08 7:34 p.m.4 views

CVE-2026-35581

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACENAME parameter — with insufficient sanitization. Only spaces were replaced with underscores, allowing she...

7.2CVSS5.9AI score0.00563EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/08 12:12 a.m.3 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the Executrix utility when configuration-derived values, such as PLACENAME, are concatenated into shell commands without sufficient sanitization. An attacker can achieve arbitrary command execution by supplying...

8.6CVSS6AI score0.00563EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/08 12:12 a.m.13 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the Executrix utility when configuration-derived values, such as PLACENAME, are concatenated into shell commands without sufficient sanitization. An attacker can achieve arbitrary command execution by supplying...

8.6CVSS6AI score0.00563EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/08 12:12 a.m.6 views

EUVD-2026-19730

Emissary has a Command Injection via PLACENAME Configuration in Executrix...

7.2CVSS5.9AI score0.00563EPSS
Exploits1References3
OSV
OSV
added 2026/04/08 12:12 a.m.3 views

GHSA-6C37-7W4P-JG9V Emissary has a Command Injection via PLACE_NAME Configuration in Executrix

Summary The Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACENAME parameter — with insufficient sanitization. Only spaces were replaced with underscores, allowing shell metacharacters ;, |, $, , , , etc. to pass through into...

7.2CVSS6.1AI score0.00563EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/08 12:12 a.m.9 views

Emissary has a Command Injection via PLACE_NAME Configuration in Executrix

Summary The Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACENAME parameter — with insufficient sanitization. Only spaces were replaced with underscores, allowing shell metacharacters ;, |, $, , , , etc. to pass through into...

7.2CVSS6.1AI score0.00563EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/07 3:56 p.m.1 views

CVE-2026-35581 Emissary has a Command Injection via PLACE_NAME Configuration in Executrix

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACENAME parameter — with insufficient sanitization. Only spaces were replaced with underscores, allowing she...

7.2CVSS5.9AI score0.00563EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/07 3:56 p.m.19 views

CVE-2026-35581 Emissary has a Command Injection via PLACE_NAME Configuration in Executrix

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACENAME parameter — with insufficient sanitization. Only spaces were replaced with underscores, allowing she...

7.2CVSS0.00563EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/07 3:56 p.m.3 views

CVE-2026-35581

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACENAME parameter — with insufficient sanitization. Only spaces were replaced with underscores, allowing she...

7.2CVSS5.9AI score0.00563EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/07 3:56 p.m.16 views

CVE-2026-35581

Emissary’s Executrix utility creates shell commands by concatenating configuration-derived values (including PLACE_NAME) with insufficient sanitization prior to version 8.39.0. This allowed shell metacharacters to pass into /bin/sh -c command execution, enabling a Command Injection vulnerability....

7.2CVSS5.9AI score0.00563EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30893

Name of the Vulnerable Software and Affected Versions Emissary versions prior to 8.39.0 Description Emissary is a P2P based data-driven workflow engine. Prior to version 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values, including the PLA...

7.2CVSS5.9AI score0.00563EPSS
Exploits1References7
Rows per page
Query Builder