VYPR

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

ClassDraftLikelihood: High

Description

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-136 · CAPEC-15 · CAPEC-183 · CAPEC-248 · CAPEC-40 · CAPEC-43 · CAPEC-75 · CAPEC-76

CVEs mapped to this weakness (1,552)

page 75 of 78
  • CVE-2021-23355Mar 15, 2021
    risk 0.00cvss epss 0.01

    This affects all versions of package ps-kill. If (attacker-controlled) user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file.…

  • CVE-2021-23356Mar 15, 2021
    risk 0.00cvss epss 0.01

    This affects all versions of package kill-process-by-name. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file.

  • CVE-2021-23352Mar 9, 2021
    risk 0.00cvss epss 0.02

    This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.

  • CVE-2020-8298Mar 4, 2021
    risk 0.00cvss epss 0.11

    fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods.

  • CVE-2020-28243Feb 27, 2021
    risk 0.00cvss epss 0.04

    An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.

  • CVE-2021-23337Feb 15, 2021
    risk 0.00cvss epss 0.22

    Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

  • CVE-2021-27185Feb 10, 2021
    risk 0.00cvss epss 0.05

    The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec.

  • CVE-2021-21479Feb 9, 2021
    risk 0.00cvss epss 0.10

    In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system.

  • CVE-2021-26541Feb 8, 2021
    risk 0.00cvss epss 0.05

    The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability.

  • CVE-2021-23330Feb 1, 2021
    risk 0.00cvss epss 0.05

    All versions of package launchpad are vulnerable to Command Injection via stop.

  • CVE-2021-23326Jan 20, 2021
    risk 0.00cvss epss 0.03

    This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection.

  • CVE-2020-7784Jan 8, 2021
    risk 0.00cvss epss 0.01

    This affects all versions of package ts-process-promises. The injection point is located in line 45 in main entry of package in lib/process-promises.js. The vulnerability is demonstrated with the following PoC:

  • CVE-2020-7794Jan 8, 2021
    risk 0.00cvss epss 0.02

    This affects all versions of package buns. The injection point is located in line 678 in index file lib/index.js in the exported function install(requestedModule).

  • CVE-2020-35136Dec 23, 2020
    risk 0.00cvss epss 0.06

    Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.

  • CVE-2020-28247Nov 12, 2020
    risk 0.00cvss epss 0.01

    The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs.

  • CVE-2020-15228Oct 1, 2020
    risk 0.00cvss epss 0.01

    In the `@actions/core` npm module before version 1.2.6,`addPath` and `exportVariable` functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the…

  • CVE-2020-7697Jul 29, 2020
    risk 0.00cvss epss 0.02

    This affects all versions of package mock2easy. a malicious user could inject commands through the _data variable: Affected Area require('../server/getJsonByCurl')(mock2easy, function (error, stdout) { if (error) { return res.json(500, error); } res.json(JSON.parse(stdout)); },…

  • CVE-2020-8186Jul 10, 2020
    risk 0.00cvss epss 0.03

    A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function.

  • CVE-2020-4059Jun 18, 2020
    risk 0.00cvss epss 0.03

    In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in…

  • CVE-2020-5299Jun 3, 2020
    risk 0.00cvss epss 0.01

    In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to…