CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Hierarchy (View 1000)

Parents

CWE-77

Children

none

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-15 · CAPEC-43 · CAPEC-6 · CAPEC-88

CVEs mapped to this weakness (2,016)

page 82 of 101

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2023-51450	Basercms Basercms	—	0.01	Feb 22, 2024	baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability.
CVE-2023-52314	PaddlePaddle Paddle	—	0.00	Jan 3, 2024	PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2023-52311	PaddlePaddle Paddle	—	0.00	Jan 3, 2024	PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2023-52310	PaddlePaddle Paddle	—	0.00	Jan 3, 2024	PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2019-25158	Pedroetb Tts API	—	0.01	Dec 19, 2023	A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command injection. Upgrading to version 2.2.0 is able to address this issue. The patch…
CVE-2023-6018	Mlflow Mlflow	—	0.91	Nov 16, 2023	An attacker can overwrite any file on the server hosting MLflow without any authentication.
CVE-2023-26156	Giggio Node Chromedriver	—	0.01	Nov 9, 2023	Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system. Note: An attacker must…
CVE-2023-40581	—	—	0.13	Sep 25, 2023	yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expansion in its argument, so that metadata…
CVE-2022-3874	Theforeman Foreman	—	0.00	Sep 22, 2023	A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the…
CVE-2023-5002	Pgadmin.org Pgadmin4	—	0.24	Sep 22, 2023	A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API,…
CVE-2023-40582	shime find-exec	—	0.05	Aug 30, 2023	find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the…
CVE-2023-40267	—	—	0.00	Aug 11, 2023	GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
CVE-2023-38208	Adobe Inc. Magento Commerce	—	0.04	Aug 9, 2023	Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an…
CVE-2023-4033	Mlflow Mlflow	—	0.00	Aug 1, 2023	OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.
CVE-2023-38673	PaddlePaddle Paddle	—	0.00	Jul 26, 2023	PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2023-37477	1panel Dev 1panel	—	0.01	Jul 18, 2023	1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP…
CVE-2023-26134	—	—	0.00	Jun 28, 2023	Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject…
CVE-2023-35174	Livebook Dev Livebook	—	0.01	Jun 22, 2023	Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop…
CVE-2023-34540	Langchain AI Langchain	—	0.02	Jun 14, 2023	Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference,…
CVE-2023-33965	Txthinking Brook	—	0.01	Jun 1, 2023	Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution. A…

CVE-2023-51450Feb 22, 2024
Basercms
Basercms
risk 0.00cvss —epss 0.01
baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulnerability.
CVE-2023-52314Jan 3, 2024
PaddlePaddle
Paddle
risk 0.00cvss —epss 0.00
PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2023-52311Jan 3, 2024
PaddlePaddle
Paddle
risk 0.00cvss —epss 0.00
PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2023-52310Jan 3, 2024
PaddlePaddle
Paddle
risk 0.00cvss —epss 0.00
PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2019-25158Dec 19, 2023
Pedroetb
Tts API
risk 0.00cvss —epss 0.01
A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command injection. Upgrading to version 2.2.0 is able to address this issue. The patch…
CVE-2023-6018Nov 16, 2023
Mlflow
Mlflow
risk 0.00cvss —epss 0.91
An attacker can overwrite any file on the server hosting MLflow without any authentication.
CVE-2023-26156Nov 9, 2023
Giggio
Node Chromedriver
risk 0.00cvss —epss 0.01
Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system. **Note:** An attacker must…
CVE-2023-40581Sep 25, 2023
risk 0.00cvss —epss 0.13
yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expansion in its argument, so that metadata…
CVE-2022-3874Sep 22, 2023
Theforeman
Foreman
risk 0.00cvss —epss 0.00
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the…
CVE-2023-5002Sep 22, 2023
Pgadmin.org
Pgadmin4
risk 0.00cvss —epss 0.24
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API,…
CVE-2023-40582Aug 30, 2023
shime
find-exec
risk 0.00cvss —epss 0.05
find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the…
CVE-2023-40267Aug 11, 2023
risk 0.00cvss —epss 0.00
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
CVE-2023-38208Aug 9, 2023
Adobe Inc.
Magento Commerce
risk 0.00cvss —epss 0.04
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an…
CVE-2023-4033Aug 1, 2023
Mlflow
Mlflow
risk 0.00cvss —epss 0.00
OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.
CVE-2023-38673Jul 26, 2023
PaddlePaddle
Paddle
risk 0.00cvss —epss 0.00
PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2023-37477Jul 18, 2023
1panel Dev
1panel
risk 0.00cvss —epss 0.01
1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP…
CVE-2023-26134Jun 28, 2023
risk 0.00cvss —epss 0.00
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject…
CVE-2023-35174Jun 22, 2023
Livebook Dev
Livebook
risk 0.00cvss —epss 0.01
Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop…
CVE-2023-34540Jun 14, 2023
Langchain AI
Langchain
risk 0.00cvss —epss 0.02
Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). This vulnerability allows attackers to execute arbitrary code via crafted input. As noted in the "releases/tag" reference,…
CVE-2023-33965Jun 1, 2023
Txthinking
Brook
risk 0.00cvss —epss 0.01
Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution. A…