CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Description
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-136 · CAPEC-15 · CAPEC-183 · CAPEC-248 · CAPEC-40 · CAPEC-43 · CAPEC-75 · CAPEC-76
CVEs mapped to this weakness (1,552)
page 72 of 78| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-23915 | — | 0.00 | — | 0.03 | Mar 4, 2022 | The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior of the application in an unintended way, leading to command execution. | ||
| CVE-2022-0764 | 0.00 | — | 0.01 | Feb 26, 2022 | Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0. | |||
| CVE-2021-45082 | 0.00 | — | 0.01 | Feb 18, 2022 | An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.) | |||
| CVE-2022-21668 | — | 0.00 | — | 0.04 | Jan 10, 2022 | pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which… | ||
| CVE-2021-45456 | — | 0.00 | — | 0.89 | Jan 6, 2022 | Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. There is a mismatch between what is being checked and what is being used as the shell command argument in DiagnosisService. This may cause an illegal… | ||
| CVE-2021-38542 | — | 0.00 | — | 0.02 | Jan 4, 2022 | Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information. | ||
| CVE-2021-23727 | — | 0.00 | — | 0.04 | Dec 29, 2021 | This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata… | ||
| CVE-2021-45459 | — | 0.00 | — | 0.04 | Dec 22, 2021 | lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter. | ||
| CVE-2021-43113 | — | 0.00 | — | 0.05 | Dec 15, 2021 | iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. | ||
| CVE-2020-36379 | — | 0.00 | — | 0.02 | Oct 31, 2021 | An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | ||
| CVE-2020-36381 | — | 0.00 | — | 0.02 | Oct 31, 2021 | An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | ||
| CVE-2020-36380 | — | 0.00 | — | 0.02 | Oct 31, 2021 | An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | ||
| CVE-2020-36378 | — | 0.00 | — | 0.02 | Oct 31, 2021 | An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | ||
| CVE-2020-36377 | — | 0.00 | — | 0.02 | Oct 31, 2021 | An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | ||
| CVE-2020-36376 | — | 0.00 | — | 0.02 | Oct 31, 2021 | An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | ||
| CVE-2021-41146 | 0.00 | — | 0.01 | Oct 21, 2021 | qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With certain applications, opening a specially crafted `qutebrowserurl:...` URL can lead… | |||
| CVE-2021-42740 | — | 0.00 | — | 0.04 | Oct 21, 2021 | The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command… | ||
| CVE-2021-41116 | 0.00 | — | 0.03 | Oct 5, 2021 | Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has… | |||
| CVE-2021-31605 | — | 0.00 | — | 0.03 | Sep 27, 2021 | furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM. | ||
| CVE-2021-3583 | — | 0.00 | — | 0.01 | Sep 22, 2021 | A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special… |
- CVE-2022-23915Mar 4, 2022risk 0.00cvss —epss 0.03
The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior of the application in an unintended way, leading to command execution.
- CVE-2022-0764Feb 26, 2022risk 0.00cvss —epss 0.01
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0.
- CVE-2021-45082Feb 18, 2022risk 0.00cvss —epss 0.01
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.)
- CVE-2022-21668Jan 10, 2022risk 0.00cvss —epss 0.04
pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which…
- CVE-2021-45456Jan 6, 2022risk 0.00cvss —epss 0.89
Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. There is a mismatch between what is being checked and what is being used as the shell command argument in DiagnosisService. This may cause an illegal…
- CVE-2021-38542Jan 4, 2022risk 0.00cvss —epss 0.02
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information.
- CVE-2021-23727Dec 29, 2021risk 0.00cvss —epss 0.04
This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata…
- CVE-2021-45459Dec 22, 2021risk 0.00cvss —epss 0.04
lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter.
- CVE-2021-43113Dec 15, 2021risk 0.00cvss —epss 0.05
iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.
- CVE-2020-36379Oct 31, 2021risk 0.00cvss —epss 0.02
An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
- CVE-2020-36381Oct 31, 2021risk 0.00cvss —epss 0.02
An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
- CVE-2020-36380Oct 31, 2021risk 0.00cvss —epss 0.02
An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
- CVE-2020-36378Oct 31, 2021risk 0.00cvss —epss 0.02
An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
- CVE-2020-36377Oct 31, 2021risk 0.00cvss —epss 0.02
An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
- CVE-2020-36376Oct 31, 2021risk 0.00cvss —epss 0.02
An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
- CVE-2021-41146Oct 21, 2021risk 0.00cvss —epss 0.01
qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With certain applications, opening a specially crafted `qutebrowserurl:...` URL can lead…
- CVE-2021-42740Oct 21, 2021risk 0.00cvss —epss 0.04
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command…
- CVE-2021-41116Oct 5, 2021risk 0.00cvss —epss 0.03
Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has…
- CVE-2021-31605Sep 27, 2021risk 0.00cvss —epss 0.03
furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM.
- CVE-2021-3583Sep 22, 2021risk 0.00cvss —epss 0.01
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special…