VYPR

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Abstraction: Class · Status: Draft · Likelihood of exploit: High

Description

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-136 · CAPEC-15 · CAPEC-183 · CAPEC-248 · CAPEC-40 · CAPEC-43 · CAPEC-75 · CAPEC-76

CVEs mapped to this weakness (1,552)

page 41 of 78
  • CVE-2016-6656 · High · Dec 16, 2016
    risk 0.47 · cvss 7.2 · epss 0.01

    An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order to exploit this vulnerability the user must have superuser 'gpadmin' access to…

  • CVE-2026-9277 · High · May 22, 2026
    risk 0.46 · cvss 8.1 · epss 0.01

    shell-quote's `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-escaped character by character using `/(.)/g`, which in JavaScript does not match line terminators (\n, \r, U+2028, U+2029). A line…

  • CVE-2026-26133 · High · Mar 16, 2026
    risk 0.46 · cvss 7.1 · epss 0.00

    AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-12155 · High · Nov 10, 2025
    risk 0.46 · cvss (not listed) · epss 0.01

    A Command Injection vulnerability, resulting from improper file path sanitization (Directory Traversal) in Looker allows an attacker with Developer permission to execute arbitrary shell commands when a user is deleted on the host system. Looker-hosted and Self-hosted were found…

  • CVE-2025-53967 · High · Oct 8, 2025
    risk 0.46 · cvss 8.0 · epss 0.07

    Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to…

  • CVE-2025-4678 · High · Jun 10, 2025
    risk 0.46 · cvss (not listed) · epss 0.02

    Improper Neutralization of Special Elements in the chromium_path variable may allow OS command injection. This issue affects Pandora ITSM 5.0.105.

  • CVE-2024-9145 · High · Oct 1, 2024
    risk 0.46 · cvss (not listed) · epss 0.01

    Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked…

  • CVE-2023-6634 · High · Jan 11, 2024
    risk 0.46 · cvss 8.1 · epss 0.09

    The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated…

  • CVE-2023-6572 · High · Dec 14, 2023
    risk 0.46 · cvss 8.1 · epss 0.02

    Command Injection in GitHub repository gradio-app/gradio prior to main.

  • CVE-2023-35932 · High · Jun 23, 2023
    risk 0.46 · cvss 7.1 · epss 0.02

    jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special…

  • CVE-2023-0789 · High · Feb 12, 2023
    risk 0.46 · cvss 8.1 · epss 0.02

    Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.

  • CVE-2022-25900 · High · Jul 1, 2022
    risk 0.46 · cvss 8.1 · epss 0.03

    All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git.

  • CVE-2022-25865 · High · May 13, 2022
    risk 0.46 · cvss 8.1 · epss 0.07

    The package workspace-tools before 0.18.4 is vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function, both the remote and remoteBranch parameters are passed to the git fetch…

  • CVE-2022-25866 · High · Apr 25, 2022
    risk 0.46 · cvss 8.1 · epss 0.04

    The package czproject/git-php before 4.0.3 is vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that…

  • CVE-2022-21235 · High · Apr 1, 2022
    risk 0.46 · cvss 8.1 · epss 0.02

    The package github.com/masterminds/vcs before 1.13.3 is vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that allows additional flags to be set. The additional flags can be used to perform a command injection.

  • CVE-2022-21187 · High · Mar 14, 2022
    risk 0.46 · cvss 8.1 · epss 0.04

    The package libvcs before 0.11.1 is vulnerable to Command Injection via argument injection. When calling the update_repo function (when using hg), the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command…

  • CVE-2020-36462 · High · Aug 8, 2021
    risk 0.46 · cvss 8.1 · epss 0.01

    An issue was discovered in the syncpool crate before 0.1.6 for Rust. There is an unconditional implementation of Send for Bucket2.

  • CVE-2020-36457 · High · Aug 8, 2021
    risk 0.46 · cvss 8.1 · epss 0.01

    An issue was discovered in the lever crate before 0.1.1 for Rust. AtomicBox implements the Send and Sync traits for all types T.

  • CVE-2020-36455 · High · Aug 8, 2021
    risk 0.46 · cvss 8.1 · epss 0.01

    An issue was discovered in the slock crate through 2020-11-17 for Rust. Slock unconditionally implements Send and Sync.

  • CVE-2020-36447 · High · Aug 8, 2021
    risk 0.46 · cvss 8.1 · epss 0.01

    An issue was discovered in the v9 crate through 2020-12-18 for Rust. There is an unconditional implementation of Sync for SyncRef.

Note: the four Rust crate entries above (syncpool, lever, slock and v9, all published Aug 8, 2021) describe unconditional Send/Sync implementations, a thread-safety weakness rather than command injection. Their descriptions do not support the CWE-77 mapping shown here, so treat them as mis-mapped when using this list to study the weakness.