VYPR

hackage package

process

pkg:hackage/process

Vulnerabilities (4)

  • CVE-2024-1874 - Apr 29, 2024
    affected >= 1.0.0.0, < 1.6.23.0; fixed 1.6.23.0

    In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would exec

  • CVE-2024-3566 - Cri - Apr 10, 2024
    affected >= 1.0.0.0, < 1.6.23.0; fixed 1.6.23.0

    A command injection vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.

  • CVE-2024-24576 - Apr 9, 2024
    affected >= 1.0.0.0, < 1.6.23.0; fixed 1.6.23.0

    Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to

  • CVE-2024-22423 - Apr 9, 2024
    affected >= 1.0.0.0, < 1.6.23.0; fixed 1.6.23.0

    yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion o