CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Description
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-15 · CAPEC-43 · CAPEC-6 · CAPEC-88
CVEs mapped to this weakness (2,292)
page 107 of 115

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-10235 | — | | 0.00 | — | 0.02 | | Mar 9, 2020 | An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in… |
| CVE-2020-2159 | — | | 0.00 | — | 0.02 | | Mar 9, 2020 | Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job/Configure access to execute arbitrary OS commands on the Jenkins master as the OS user account running Jenkins. |
| CVE-2020-1734 | — | | 0.00 | — | 0.00 | | Mar 3, 2020 | A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts, and the variable is not escaped by the quote plugin. An attacker could take advantage and run… |
| CVE-2019-10801 | — | | 0.00 | — | 0.03 | | Feb 28, 2020 | enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization. |
| CVE-2019-10802 | — | | 0.00 | — | 0.02 | | Feb 28, 2020 | giting version prior to 0.0.8 allows execution of arbitrary commands. The first argument "repo" of function "pull()" is executed by the package without any validation. |
| CVE-2019-10803 | — | | 0.00 | — | 0.03 | | Feb 28, 2020 | push-dir through 0.4.1 allows execution of arbitrary commands. Arguments provided as part of the variable "opt.branch" are not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands. |
| CVE-2019-10804 | — | | 0.00 | — | 0.03 | | Feb 28, 2020 | serial-number through 1.3.0 allows execution of arbitrary commands. The "cmdPrefix" argument in the serialNumber function is used by the "exec" function without any validation. |
| CVE-2019-15609 | — | | 0.00 | — | 0.04 | | Feb 28, 2020 | The kill-port-process package version < 2.2.0 is vulnerable to a Command Injection vulnerability. |
| CVE-2019-10799 | — | | 0.00 | — | 0.02 | | Feb 24, 2020 | compile-sass prior to 1.0.5 allows execution of arbitrary commands. The function "setupCleanupOnExit(cssPath)" within "dist/index.js" is executed as part of the "rm" command without any sanitization. |
| CVE-2019-10796 | — | | 0.00 | — | 0.03 | | Feb 24, 2020 | rpi through 0.0.3 allows execution of arbitrary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the argument of the exec function without any sanitization. |
| CVE-2020-8130 | — | | 0.00 | — | 0.01 | | Feb 24, 2020 | There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `\|`. |
| CVE-2019-10791 | — | | 0.00 | — | 0.02 | | Feb 18, 2020 | promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization. |
| CVE-2019-19325 | — | | 0.00 | — | 0.01 | | Feb 17, 2020 | SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site… |
| CVE-2020-7597 | — | | 0.00 | — | 0.03 | | Feb 17, 2020 | codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596. |
| CVE-2019-10786 | — | | 0.00 | — | 0.02 | | Feb 4, 2020 | network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument. |
| CVE-2019-10787 | — | | 0.00 | — | 0.04 | | Feb 4, 2020 | im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js can be controlled by the user without any sanitization. |
| CVE-2019-10788 | — | | 0.00 | — | 0.02 | | Feb 4, 2020 | im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options, which are given to the "exec" function. |
| CVE-2019-10783 | — | | 0.00 | — | 0.03 | | Jan 29, 2020 | All versions including 0.0.4 of the lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input. |
| CVE-2019-10780 | — | | 0.00 | — | 0.03 | | Jan 22, 2020 | BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open. |
| CVE-2019-10777 | — | | 0.00 | — | 0.02 | | Jan 8, 2020 | In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName". |