VYPR

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Abstraction: Base · Status: Stable · Likelihood: High

Description

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-15 · CAPEC-43 · CAPEC-6 · CAPEC-88

CVEs mapped to this weakness (2,292)

  • CVE-2020-28440 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.02

    All versions of package corenlp-js-interface are vulnerable to Command Injection via the main function.

  • CVE-2020-7789 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.02

    This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.

  • CVE-2020-26245 · Nov 27, 2020
    risk 0.00 · cvss · epss 0.02

    npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitizations to avoid prototype pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be…

  • CVE-2020-7778 · Nov 26, 2020
    risk 0.00 · cvss · epss 0.02

    This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.

  • CVE-2020-26217 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.85

    XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security…

  • CVE-2020-15271 · Oct 26, 2020
    risk 0.00 · cvss · epss 0.02

    In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is…

  • CVE-2020-7752 · Oct 26, 2020
    risk 0.00 · cvss · epss 0.06

    This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite JavaScript files and then execute any OS commands.

  • CVE-2020-7735 · Sep 25, 2020
    risk 0.00 · cvss · epss 0.02

    The package ng-packagr before 10.1.1 is vulnerable to Command Injection via the styleIncludePaths option.

  • CVE-2020-13948 · Sep 17, 2020
    risk 0.00 · cvss · epss 0.03

    While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s `os` package in the web application process in versions <…

  • CVE-2020-2276 · Sep 16, 2020
    risk 0.00 · cvss · epss 0.02

    Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as.

  • CVE-2020-2261 · Sep 16, 2020
    risk 0.00 · cvss · epss 0.01

    Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller.

  • CVE-2020-11977 · Sep 15, 2020
    risk 0.00 · cvss · epss 0.03

    In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution.

  • CVE-2020-7730 · Sep 4, 2020
    risk 0.00 · cvss · epss 0.03

    The package bestzip before 2.1.7 is vulnerable to Command Injection via the options param.

  • CVE-2020-7712 · Aug 30, 2020
    risk 0.00 · cvss · epss 0.04

    This affects the package json before 10.0.0. It is possible to inject arbitrary commands using the parseLookup function.

  • CVE-2019-14904 · Aug 25, 2020
    risk 0.00 · cvss · epss 0.00

    A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw…

  • CVE-2020-15123 · Jul 20, 2020
    risk 0.00 · cvss · epss 0.04

    In codecov (npm package) before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE (CVE-2020-7597 for…

  • CVE-2020-11981 · Jul 16, 2020
    risk 0.00 · cvss · epss 0.34

    An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.

  • CVE-2020-8178 · Jul 15, 2020
    risk 0.00 · cvss · epss 0.04

    Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.

  • CVE-2020-8186 · Jul 10, 2020
    risk 0.00 · cvss · epss 0.03

    A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function.

  • CVE-2020-13619 · Jul 1, 2020
    risk 0.00 · cvss · epss 0.03

    php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution.