Kana Dojo

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2026-48547	Lingdojo Kana Dojo	Hig	0.47	7.3	—		Jun 11, 2026	KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands by inserting shell metacharacters into the version or changes fields of patchNotesData.json, which are interpolated unsanitized into a…
CVE-2026-48546	Lingdojo Kana Dojo	Hig	0.40	7.3	—		Jun 11, 2026	KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext() sandbox context in the issue-auto-respond.yml workflow.…

CVE-2026-48547HigJun 11, 2026
Lingdojo
Kana Dojo
risk 0.47cvss 7.3epss —
KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands by inserting shell metacharacters into the version or changes fields of patchNotesData.json, which are interpolated unsanitized into a…
CVE-2026-48546HigJun 11, 2026
Lingdojo
Kana Dojo
risk 0.40cvss 7.3epss —
KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explicit passing of the global require function into a Node.js vm.runInNewContext() sandbox context in the issue-auto-respond.yml workflow.…