Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2026/01/22 12:20 a.m.12 views

CVE-2026-0933

SummaryA command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash to...

9.9CVSS6.1AI score0.01393EPSS
Exploits0References1
OSV
OSV
added 2026/01/21 11:0 p.m.70 views

GHSA-36P8-MVP6-CV38 Wrangler affected by OS Command Injection in `wrangler pages deploy`

Summary A command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash t...

7.7CVSS6AI score0.01393EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/01/21 11:0 p.m.12 views

Wrangler affected by OS Command Injection in `wrangler pages deploy`

Summary A command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash t...

9.9CVSS6.1AI score0.01393EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/01/21 12:31 a.m.21 views

EUVD-2026-3519

SummaryA command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash to...

7.7CVSS6.1AI score0.01393EPSS
Exploits0References2
OSV
OSV
added 2026/01/21 12:31 a.m.80 views

GHSA-8H3Q-9FPP-C883 Duplicate Advisory: Wrangler affected by OS Command Injection in `wrangler pages deploy`

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-36p8-mvp6-cv38. This link is maintained to preserve external references. Original Description SummaryA command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The iss...

7.7CVSS6.2AI score0.01393EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/21 12:31 a.m.13 views

Duplicate Advisory: Wrangler affected by OS Command Injection in `wrangler pages deploy`

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-36p8-mvp6-cv38. This link is maintained to preserve external references. Original Description SummaryA command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The iss...

9.9CVSS6.1AI score0.01393EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/01/20 11:45 p.m.8 views

Improper Input Validation

Overview wrangler is a Command-line interface for all things Cloudflare Workers Affected versions of this package are vulnerable to Improper Input Validation via the wrangler pages deploy command when the --commit-hash parameter is passed directly to a shell command without proper validation or...

9.9CVSS6AI score0.01393EPSS
Exploits0References2
NVD
NVD
added 2026/01/20 11:16 p.m.49 views

CVE-2026-0933

SummaryA command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash to...

9.9CVSS0.01393EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 10:58 p.m.6 views

CVE-2026-0933

SummaryA command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash to...

9.9CVSS5.9AI score0.01393EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/01/20 10:58 p.m.51 views

CVE-2026-0933

Summary of CVE-2026-0933 : A command injection vulnerability exists in the Cloudflare Wrangler tool’s “wrangler pages deploy” command. The root cause is that the commitHash provided via the --commit-hash CLI argument is interpolated directly into a shell command (example: execSync(git show -s --f...

9.9CVSS6.1AI score0.01393EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/20 10:58 p.m.6 views

CVE-2026-0933 OS Command Injection in `wrangler pages deploy`

SummaryA command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash to...

7.7CVSS6.1AI score0.01393EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/20 10:58 p.m.62 views

CVE-2026-0933 OS Command Injection in `wrangler pages deploy`

SummaryA command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash to...

7.7CVSS0.01393EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 10:58 p.m.6 views

CVE-2026-0933 OS Command Injection in `wrangler pages deploy`

SummaryA command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash to...

7.7CVSS6.1AI score0.01393EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.12 views

PT-2026-3738

Name of the Vulnerable Software and Affected Versions Wrangler versions prior to 3.114.17 Wrangler versions prior to 4.59.1 Wrangler version 2 EOL Description A command injection issue exists in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed to a...

7.7CVSS6AI score0.01393EPSS
Exploits0References3
Rows per page
Query Builder