Lucene search
+L

7 matches found

NVD
NVD
added 2026/06/26 6:17 p.m.14 views

CVE-2026-54557

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlin...

5.5CVSS0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 4:47 p.m.38 views

CVE-2026-54557 mise HTTP backend uses raw version path for install symlink destination

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlin...

5.5CVSS0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 4:47 p.m.27 views

CVE-2026-54557

CVE-2026-54557 affects the mise HTTP backend. Before 2026.6.1, install symlinks were created using the raw resolved version string for non-latest versions, instead of the sanitized version pathname. This allows a repository-controlled .tool-versions entry to cause mise install to create a symlink...

5.5CVSS5.8AI score0.00175EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 4:47 p.m.4 views

CVE-2026-54557 mise HTTP backend uses raw version path for install symlink destination

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlin...

5.5CVSS6AI score0.00175EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:47 p.m.9 views

CVE-2026-54557

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlin...

5.5CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/23 6:13 p.m.11 views

mise HTTP backend uses raw version path for install symlink destination

Summary The mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlink path uses the raw value. On Unix-like systems, if that version is an...

5.5CVSS6.1AI score0.00175EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/23 6:13 p.m.5 views

GHSA-F94H-J2QG-FXW3 mise HTTP backend uses raw version path for install symlink destination

Summary The mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlink path uses the raw value. On Unix-like systems, if that version is an...

5.5CVSS6.1AI score0.00175EPSS
Exploits0References2
Rows per page
Query Builder