89 matches found
CVE-2026-9277
shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...
shell-quote 安全漏洞
Shell-quote is a software package developed by Jordan Harband. It is used for parsing and quoting shell commands. Shell-quote has a security vulnerability. This vulnerability stems from the quote function not verifying the object token input and the operator model used in parse. As a result, line...
PT-2026-42766
Name of the Vulnerable Software and Affected Versions shell-quote versions prior to 1.8.4 Description The quote function fails to validate object-token inputs against the operator model used by parse. Specifically, the .op field is escaped using a regular expression that does not match line...
Astra Linux – Vulnerability in Less
Closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE...
CVE-2026-30302
The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...
CVE-2026-30302
The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...
CVE-2026-30302
The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...
EUVD-2019-0328
Malware in sbrugna...
EUVD-2014-0089
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-48624
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. CVE-2022-48624 Note that Nessus relies on the presence of the package as...
CVE-2021-42740
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...
Huawei EulerOS: Security Advisory for less (EulerOS-SA-2024-1965)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Vulnerability of the close_altfile() function (filename.c) for UNIX-like system text terminals: allowing attackers to execute arbitrary commands
The vulnerability of the closealtfile function filename.c for UNIX-like system text terminals is related to the omission of the Shellquote call for LESSCLOSE. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...
CLSA-2024-1714066220 Fix CVE(s): CVE-2022-48624
SECURITY UPDATE: shell-quote filenames when invoking LESSCLOSE. - debian/patches/CVE-2022-48624.patch: Fix closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. - CVE-2022-48624...
CLSA-2024-1713523598 less: Fix of CVE-2022-48624
CVE-2022-48624: shell-quote filenames when invoking LESSCLOSE...
less: Fix of CVE-2022-48624
CVE-2022-48624: shell-quote filenames when invoking LESSCLOSE...
SUSE SLES12 Security Update : less (SUSE-SU-2024:1189-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1189-1 advisory. - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters bsc1219901. Tenable has extracted the preceding...
Security Bulletin: IBM Planning Analytics Workspace has addressed multiple vulnerabilities
Summary IBM Planning Analytics Workspace is considered vulnerable to a Malicious File Upload vulnerability which could allow a privileged user to upload malicious files that can be automatically processed within the product CVE-2023-42017. This vulnerability has been addressed. IBM Planning...
Important: less
Issue Overview: closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. CVE-2022-48624 Affected Packages: less Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...
Important: less
Issue Overview: closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE. CVE-2022-48624 Affected Packages: less Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...