CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Hierarchy (View 1000)

Parents

CWE-77

Children

none

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-15 · CAPEC-43 · CAPEC-6 · CAPEC-88

CVEs mapped to this weakness (2,016)

page 86 of 101

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2022-1440	—	—	0.09	Apr 22, 2022	Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow…
CVE-2022-29583	—	—	0.00	Apr 22, 2022	service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. NOTE: this finding could not be reproduced by its original reporter or by others.
CVE-2022-24803	Jirutka Asciidoctor Include Ext	—	0.01	Mar 31, 2022	Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This…
CVE-2021-23632	Git Git	—	0.03	Mar 17, 2022	All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce 1. Create a file named exploit.js with the following content: js…
CVE-2022-24753	Stripe Stripe CLI	—	0.00	Mar 9, 2022	Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are `stripe login`, `stripe config -e`, `stripe community`, and…
CVE-2022-24193	CasaOS CasaOS	—	0.19	Mar 7, 2022	CasaOS before v0.2.7 was discovered to contain a command injection vulnerability.
CVE-2021-46704	Genieacs Genieacs	—	0.87	Mar 6, 2022	In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.
CVE-2022-24725	Ericcornelissen Shescape	—	0.00	Mar 3, 2022	Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the `escape` or `escapeAll` functions from the _shescape_ API with the `interpolation` option set to `true`.…
CVE-2022-0841	—	—	0.00	Mar 3, 2022	OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.
CVE-2022-24720	Janko Image Processing	—	0.01	Mar 1, 2022	image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell…
CVE-2022-0764	Strapi Strapi	—	0.00	Feb 26, 2022	Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0.
CVE-2022-25328	—	—	0.00	Feb 25, 2022	The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a…
CVE-2022-25174	Jenkins Project Pipeline: Shared Groovy Libraries Plugin	—	0.00	Feb 15, 2022	Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM…
CVE-2022-25173	Jenkins Project Pipeline: Groovy Plugin	—	0.00	Feb 15, 2022	Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the…
CVE-2022-25175	—	—	0.00	Feb 15, 2022	Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.
CVE-2022-0557	Microweber Microweber	—	0.17	Feb 11, 2022	OS Command Injection in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-20617	Jenkins Project Docker Commons Plugin	—	0.01	Jan 12, 2022	Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM…
CVE-2021-23727	—	—	0.01	Dec 29, 2021	This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata…
CVE-2021-43857	Gerapy Gerapy	—	0.42	Dec 27, 2021	Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.
CVE-2020-19316	—	—	0.04	Dec 20, 2021	OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.

CVE-2022-1440Apr 22, 2022
risk 0.00cvss —epss 0.09
Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow…
CVE-2022-29583Apr 22, 2022
risk 0.00cvss —epss 0.00
service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. NOTE: this finding could not be reproduced by its original reporter or by others.
CVE-2022-24803Mar 31, 2022
Jirutka
Asciidoctor Include Ext
risk 0.00cvss —epss 0.01
Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This…
CVE-2021-23632Mar 17, 2022
Git
Git
risk 0.00cvss —epss 0.03
All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce 1. Create a file named exploit.js with the following content: js…
CVE-2022-24753Mar 9, 2022
Stripe
Stripe CLI
risk 0.00cvss —epss 0.00
Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are `stripe login`, `stripe config -e`, `stripe community`, and…
CVE-2022-24193Mar 7, 2022
CasaOS
CasaOS
risk 0.00cvss —epss 0.19
CasaOS before v0.2.7 was discovered to contain a command injection vulnerability.
CVE-2021-46704Mar 6, 2022
Genieacs
Genieacs
risk 0.00cvss —epss 0.87
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.
CVE-2022-24725Mar 3, 2022
Ericcornelissen
Shescape
risk 0.00cvss —epss 0.00
Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the `escape` or `escapeAll` functions from the _shescape_ API with the `interpolation` option set to `true`.…
CVE-2022-0841Mar 3, 2022
risk 0.00cvss —epss 0.00
OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.
CVE-2022-24720Mar 1, 2022
Janko
Image Processing
risk 0.00cvss —epss 0.01
image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the attacker to execute shell…
CVE-2022-0764Feb 26, 2022
Strapi
Strapi
risk 0.00cvss —epss 0.00
Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0.
CVE-2022-25328Feb 25, 2022
risk 0.00cvss —epss 0.00
The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a…
CVE-2022-25174Feb 15, 2022
Jenkins Project
Pipeline: Shared Groovy Libraries Plugin
risk 0.00cvss —epss 0.00
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM…
CVE-2022-25173Feb 15, 2022
Jenkins Project
Pipeline: Groovy Plugin
risk 0.00cvss —epss 0.00
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the…
CVE-2022-25175Feb 15, 2022
risk 0.00cvss —epss 0.00
Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.
CVE-2022-0557Feb 11, 2022
Microweber
Microweber
risk 0.00cvss —epss 0.17
OS Command Injection in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-20617Jan 12, 2022
Jenkins Project
Docker Commons Plugin
risk 0.00cvss —epss 0.01
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM…
CVE-2021-23727Dec 29, 2021
risk 0.00cvss —epss 0.01
This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata…
CVE-2021-43857Dec 27, 2021
Gerapy
Gerapy
risk 0.00cvss —epss 0.42
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.
CVE-2020-19316Dec 20, 2021
risk 0.00cvss —epss 0.04
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.