Lucene search
K

4 matches found

Microsoft CVE
Microsoft CVE
added 2026/05/13 8:1 a.m.12 views

jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts

...

4.4CVSS5.8AI score0.00157EPSS
Exploits1
Cvelist
Cvelist
added 2026/05/11 5:24 p.m.50 views

CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts

jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...

4.4CVSS0.00157EPSS
Exploits1References1
CVE
CVE
added 2026/05/11 5:24 p.m.29 views

CVE-2026-43895

jq versions 1.8.1 and earlier are affected: embedded NUL bytes in import paths at the jq-language level can be resolved differently during module/data-file lookup, creating a mismatch between the logical import string and the on-disk path opened. This mismatch can enable a local redaction-policy ...

4.4CVSS5.9AI score0.00157EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/11 5:24 p.m.1 views

CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts

jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...

4.4CVSS6AI score0.00157EPSS
Exploits1References3
Rows per page
Query Builder