2 matches found
EUVD-2026-44661
A flaw was found in CRI-O. The fix for a previous vulnerability CVE-2022-4318 was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitra...
Ian Dunn: Bypass fix in https://hackerone.com/reports/151516 report.
Hi. Steps to reproduce: 1. The same in previous https://hackerone.com/reports/151516 report. 2. But payload to bypass your fix would be like this: ;=cmd|' /C calc'!A0 Solution: 1. Add ; in your escape function esccsv on line 2858 of camptix.php References: 1...