CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Description
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-136 · CAPEC-15 · CAPEC-183 · CAPEC-248 · CAPEC-40 · CAPEC-43 · CAPEC-75 · CAPEC-76
CVEs mapped to this weakness (1,552)
page 41 of 78

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6656 | — | High | 0.47 | 7.2 | 0.01 | — | Dec 16, 2016 | An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order to exploit this vulnerability the user must have superuser 'gpadmin' access to… |
| CVE-2026-9277 | — | High | 0.46 | 8.1 | 0.01 | — | May 22, 2026 | shell-quote's `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-escaped character by character using `/(.)/g`, which in JavaScript does not match line terminators (\n, \r, U+2028, U+2029). A line… |
| CVE-2026-26133 | — | High | 0.46 | 7.1 | 0.00 | — | Mar 16, 2026 | AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-12155 | — | High | 0.46 | — | 0.01 | — | Nov 10, 2025 | A Command Injection vulnerability, resulting from improper file path sanitization (Directory Traversal) in Looker allows an attacker with Developer permission to execute arbitrary shell commands when a user is deleted on the host system. Looker-hosted and Self-hosted were found… |
| CVE-2025-53967 | — | High | 0.46 | 8.0 | 0.07 | — | Oct 8, 2025 | Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to… |
| CVE-2025-4678 | — | High | 0.46 | — | 0.02 | — | Jun 10, 2025 | Improper Neutralization of Special Elements in the chromium_path variable may allow OS command injection. This issue affects Pandora ITSM 5.0.105. |
| CVE-2024-9145 | — | High | 0.46 | — | 0.01 | — | Oct 1, 2024 | Wiz Code Visual Studio Code extension in versions 1.0.0 up to 1.5.3 and Wiz (legacy) Visual Studio Code extension in versions 0.13.0 up to 0.17.8 are vulnerable to local command injection if the user opens a maliciously crafted Dockerfile located in a path that has been marked… |
| CVE-2023-6634 | — | High | 0.46 | 8.1 | 0.09 | — | Jan 11, 2024 | The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated… |
| CVE-2023-6572 | — | High | 0.46 | 8.1 | 0.02 | — | Dec 14, 2023 | Command Injection in GitHub repository gradio-app/gradio prior to main. |
| CVE-2023-35932 | — | High | 0.46 | 7.1 | 0.02 | — | Jun 23, 2023 | jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special… |
| CVE-2023-0789 | — | High | 0.46 | 8.1 | 0.02 | — | Feb 12, 2023 | Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. |
| CVE-2022-25900 | — | High | 0.46 | 8.1 | 0.03 | — | Jul 1, 2022 | All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git. |
| CVE-2022-25865 | — | High | 0.46 | 8.1 | 0.07 | — | May 13, 2022 | The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function, both the remote and remoteBranch parameters are passed to the git fetch… |
| CVE-2022-25866 | — | High | 0.46 | 8.1 | 0.04 | — | Apr 25, 2022 | The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that… |
| CVE-2022-21235 | — | High | 0.46 | 8.1 | 0.02 | — | Apr 1, 2022 | The package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection. |
| CVE-2022-21187 | — | High | 0.46 | 8.1 | 0.04 | — | Mar 14, 2022 | The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the update_repo function (when using hg), the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command… |
| CVE-2020-36462 | — | High | 0.46 | 8.1 | 0.01 | — | Aug 8, 2021 | An issue was discovered in the syncpool crate before 0.1.6 for Rust. There is an unconditional implementation of Send for Bucket2. |
| CVE-2020-36457 | — | High | 0.46 | 8.1 | 0.01 | — | Aug 8, 2021 | An issue was discovered in the lever crate before 0.1.1 for Rust. AtomicBox implements the Send and Sync traits for all types T. |
| CVE-2020-36455 | — | High | 0.46 | 8.1 | 0.01 | — | Aug 8, 2021 | An issue was discovered in the slock crate through 2020-11-17 for Rust. Slock unconditionally implements Send and Sync. |
| CVE-2020-36447 | — | High | 0.46 | 8.1 | 0.01 | — | Aug 8, 2021 | An issue was discovered in the v9 crate through 2020-12-18 for Rust. There is an unconditional implementation of Sync for SyncRef. |