Headline

GHSA-6q8m-42qq-64r7: Imperative CLI vulnerable to Command Injection

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI.

1 year ago

ghsa

Open in Source

#vulnerability #nodejs #git

GitHub Advisory Database
GitHub Reviewed
CVE-2021-4326

Imperative CLI vulnerable to Command Injection

Moderate severity GitHub Reviewed Published Mar 1, 2023 to the GitHub Advisory Database • Updated Mar 1, 2023

Package

npm @zowe/imperative (npm)

Affected versions

< 5.9.0

Description

Published by the National Vulnerability Database

Mar 1, 2023

Published to the GitHub Advisory Database

Mar 1, 2023

1 year ago

CVE

Open in Source

#vulnerability #web #windows #nodejs #js #git #java #auth

ghsa: Latest News

GHSA-j4jw-m6xr-fv6c: Soft Serve vulnerable to path traversal attacks

1 hour ago

ghsa

GHSA-95m2-chm4-mq7m: PHP-Textile has persistent XSS vulnerability in image link handling

23 hours ago

ghsa

GHSA-2r2v-9pf8-6342: WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover

1 day ago

ghsa

GHSA-r5vf-wf4h-82gg: matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity

1 day ago

ghsa

GHSA-f27p-cmv8-xhm6: fetch: Authorization headers not dropped when redirecting cross-origin

1 day ago

ghsa

Headline

GHSA-6q8m-42qq-64r7: Imperative CLI vulnerable to Command Injection

Related news

ghsa: Latest News