2 matches found
EUVD-2026-32670
uniget is a universal installer and updater for container tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without...
CVE-2026-45152
CVE-2026-45152 affects uniget prior to 0.27.1, where a command injection is possible via the check field loaded from untrusted JSON metadata. The implementation runs /bin/bash -c on tool.Check, allowing an attacker-controlled value to execute arbitrary shell commands during common operations (des...