3 matches found
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the dir parameter in the terminal handler process. An attacker can execute arbitrary operating system commands with web server privileges by injecting shell metacharacters into the dir parameter, bypassing command...
CVE-2026-44462
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining $var@P, allowing arbitrary command execution under an allowlisted command prefix. This vulnerability is fixed in 0.229.0...
Zed 安全漏洞
Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.229.0 contained security vulnerabilities. These vulnerabilities stemmed from the terminal tool permission system’s ability to bypass the bash variable expansion chain, allowing for the execution of arbitrary commands und...