CWE-77
Allowed-with-ReviewImproper Neutralization of Special Elements used in a Command ('Command Injection')
Abstraction: Class · Status: Draft
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
5383 vulnerabilities reference this CWE, most recent first.
GHSA-3CCH-WJ7F-8G8X
Vulnerability from github – Published: 2022-11-10 19:01 – Updated: 2026-04-08 21:31xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.
{
"affected": [],
"aliases": [
"CVE-2022-45063"
],
"database_specific": {
"cwe_ids": [
"CWE-77"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-10T16:15:00Z",
"severity": "CRITICAL"
},
"details": "xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.",
"id": "GHSA-3cch-wj7f-8g8x",
"modified": "2026-04-08T21:31:45Z",
"published": "2022-11-10T19:01:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45063"
},
{
"type": "WEB",
"url": "https://invisible-island.net/xterm/xterm.log.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TPVNTYFFWNTGZJJQAA4MGGFSTXA4XEA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5T2JI5JCHPTXX2KJU45H2XAHQSFVEJ2Y"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IVD3I2ZFXGOY6BA2FNS7WPFMPFBDHFWC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TPVNTYFFWNTGZJJQAA4MGGFSTXA4XEA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5T2JI5JCHPTXX2KJU45H2XAHQSFVEJ2Y"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVD3I2ZFXGOY6BA2FNS7WPFMPFBDHFWC"
},
{
"type": "WEB",
"url": "https://news.ycombinator.com/item?id=33546415"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202211-09"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2022/11/10/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/11/10/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/11/10/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/06/15/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/06/17/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3CGX-5266-6JV3
Vulnerability from github – Published: 2021-12-27 00:00 – Updated: 2022-01-11 00:02Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX7500 before 1.0.0.72, R6400 before 1.0.1.68, R6900P before 1.3.2.132, R7000 before 1.0.11.116, R7000P before 1.3.2.132, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.66, RAX200 before 1.0.3.106, RS400 before 1.5.1.80, XR300 before 1.0.3.68, MK62 before 1.0.6.110, MR60 before 1.0.6.110, R6400v2 before 1.0.4.106, R8000P before 1.4.1.66, RAX20 before 1.0.2.64, RAX45 before 1.0.2.82, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, R6700v3 before 1.0.4.106, R7900P before 1.4.1.66, RAX15 before 1.0.2.64, RAX50 before 1.0.2.82, RAX75 before 1.0.3.106, RBR750 before 3.2.16.22, RBR850 before 3.2.16.22, RBS750 before 3.2.16.22, RBS850 before 3.2.16.22, RBK752 before 3.2.16.22, and RBK852 before 3.2.16.22.
{
"affected": [],
"aliases": [
"CVE-2021-45617"
],
"database_specific": {
"cwe_ids": [
"CWE-77"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-26T01:15:00Z",
"severity": "CRITICAL"
},
"details": "Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX7500 before 1.0.0.72, R6400 before 1.0.1.68, R6900P before 1.3.2.132, R7000 before 1.0.11.116, R7000P before 1.3.2.132, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.66, RAX200 before 1.0.3.106, RS400 before 1.5.1.80, XR300 before 1.0.3.68, MK62 before 1.0.6.110, MR60 before 1.0.6.110, R6400v2 before 1.0.4.106, R8000P before 1.4.1.66, RAX20 before 1.0.2.64, RAX45 before 1.0.2.82, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, R6700v3 before 1.0.4.106, R7900P before 1.4.1.66, RAX15 before 1.0.2.64, RAX50 before 1.0.2.82, RAX75 before 1.0.3.106, RBR750 before 3.2.16.22, RBR850 before 3.2.16.22, RBS750 before 3.2.16.22, RBS850 before 3.2.16.22, RBK752 before 3.2.16.22, and RBK852 before 3.2.16.22.",
"id": "GHSA-3cgx-5266-6jv3",
"modified": "2022-01-11T00:02:02Z",
"published": "2021-12-27T00:00:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45617"
},
{
"type": "WEB",
"url": "https://kb.netgear.com/000064505/Security-Advisory-for-Pre-Authentication-Command-Injection-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0156"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3CH2-JXXC-V4XF
Vulnerability from github – Published: 2025-09-08 19:42 – Updated: 2025-09-10 21:03Command Injection in MCP Server
The MCP Server at https://github.com/akoskm/create-mcp-server-stdio is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation.
Vulnerable tool
The MCP Server exposes the tool which-app-on-port which relies on Node.js child process API exec which is an unsafe and vulnerable API if concatenated with untrusted user input.
Vulnerable line of code: https://github.com/akoskm/create-mcp-server-stdio/blob/main/src/index.ts#L24-L40
server.tool("which-app-on-port", { port: z.number() }, async ({ port }) => {
const result = await new Promise<ProcessInfo>((resolve, reject) => {
exec(`lsof -t -i tcp:${port}`, (error, pidStdout) => {
if (error) {
reject(error);
return;
}
const pid = pidStdout.trim();
exec(`ps -p ${pid} -o comm=`, (error, stdout) => {
if (error) {
reject(error);
return;
}
resolve({ command: stdout.trim(), pid });
});
});
});
Exploitation
When LLMs are tricked through prompt injection (and other techniques and attack vectors) to call the tool with input that uses special shell characters such as ; rm -rf /tmp;# (be careful actually executing this payload) and other payload variations, the full command-line text will be interepted by the shell and result in other commands except of ps executing on the host running the MCP Server.
Reference example from prior security research on this topic:

Impact
User initiated and remote command injection on a running MCP Server.
Recommendation
- Don't use
exec. UseexecFileinstead, which pins the command and provides the arguments as array elements. - If the user input is not a command-line flag, use the
--notation to terminate command and command-line flag, and indicate that the text after the--double dash notation is benign value.
References and Prior work
- Exploiting MCP Servers Vulnerable to Command Injection
- Liran's Node.js Secure Coding: Defending Against Command Injection Vulnerabilities
Disclosed by Liran Tal
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@akoskm/create-mcp-server-stdio"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-54994"
],
"database_specific": {
"cwe_ids": [
"CWE-77",
"CWE-78"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-08T19:42:34Z",
"nvd_published_at": "2025-09-08T20:15:35Z",
"severity": "CRITICAL"
},
"details": "# Command Injection in MCP Server\n\nThe MCP Server at https://github.com/akoskm/create-mcp-server-stdio is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation.\n\n## Vulnerable tool\n\nThe MCP Server exposes the tool `which-app-on-port` which relies on Node.js child process API `exec` which is an unsafe and vulnerable API if concatenated with untrusted user input.\n\nVulnerable line of code: https://github.com/akoskm/create-mcp-server-stdio/blob/main/src/index.ts#L24-L40\n\n```js\nserver.tool(\"which-app-on-port\", { port: z.number() }, async ({ port }) =\u003e {\n const result = await new Promise\u003cProcessInfo\u003e((resolve, reject) =\u003e {\n exec(`lsof -t -i tcp:${port}`, (error, pidStdout) =\u003e {\n if (error) {\n reject(error);\n return;\n }\n const pid = pidStdout.trim();\n exec(`ps -p ${pid} -o comm=`, (error, stdout) =\u003e {\n if (error) {\n reject(error);\n return;\n }\n resolve({ command: stdout.trim(), pid });\n });\n });\n });\n```\n\n## Exploitation\n\nWhen LLMs are tricked through prompt injection (and other techniques and attack vectors) to call the tool with input that uses special shell characters such as `; rm -rf /tmp;#` (be careful actually executing this payload) and other payload variations, the full command-line text will be interepted by the shell and result in other commands except of `ps` executing on the host running the MCP Server.\n\nReference example from prior security research on this topic:\n\n\n\n## Impact\n\nUser initiated and remote command injection on a running MCP Server.\n\n## Recommendation\n\n- Don\u0027t use `exec`. Use `execFile` instead, which pins the command and provides the arguments as array elements.\n- If the user input is not a command-line flag, use the `--` notation to terminate command and command-line flag, and indicate that the text after the `--` double dash notation is benign value.\n\n## References and Prior work\n\n1. [Exploiting MCP Servers Vulnerable to Command Injection](https://snyk.io/articles/exploiting-mcp-servers-vulnerable-to-command-injection/)\n2. Liran\u0027s [Node.js Secure Coding: Defending Against Command Injection Vulnerabilities](https://www.nodejs-security.com/book/command-injection)\n\n##\n\nDisclosed by [Liran Tal](https://lirantal.com)",
"id": "GHSA-3ch2-jxxc-v4xf",
"modified": "2025-09-10T21:03:16Z",
"published": "2025-09-08T19:42:34Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/akoskm/create-mcp-server-stdio/security/advisories/GHSA-3ch2-jxxc-v4xf"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54994"
},
{
"type": "WEB",
"url": "https://github.com/akoskm/create-mcp-server-stdio/pull/1"
},
{
"type": "WEB",
"url": "https://github.com/akoskm/create-mcp-server-stdio/commit/48c26bbe1f8c62764e4592f33c8300d1cadd2eac"
},
{
"type": "PACKAGE",
"url": "https://github.com/akoskm/create-mcp-server-stdio"
},
{
"type": "WEB",
"url": "https://github.com/akoskm/create-mcp-server-stdio/blob/main/src/index.ts#L24-L40"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API"
}
GHSA-3CM3-QFJH-C5X9
Vulnerability from github – Published: 2026-04-13 06:30 – Updated: 2026-04-13 06:30A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
{
"affected": [],
"aliases": [
"CVE-2026-6158"
],
"database_specific": {
"cwe_ids": [
"CWE-77"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-13T05:16:05Z",
"severity": "MODERATE"
},
"details": "A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.",
"id": "GHSA-3cm3-qfjh-c5x9",
"modified": "2026-04-13T06:30:31Z",
"published": "2026-04-13T06:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6158"
},
{
"type": "WEB",
"url": "https://github.com/xyh4ck/iot_poc/tree/main/TOTOLINK/N300RHv4/02_setUpgradeUboot_RCE"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/796426"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/357038"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/357038/cti"
},
{
"type": "WEB",
"url": "https://www.totolink.net"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3CWW-G5M8-59Q4
Vulnerability from github – Published: 2025-01-14 15:30 – Updated: 2025-11-04 00:32Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the gateway POST parameter.
{
"affected": [],
"aliases": [
"CVE-2024-39763"
],
"database_specific": {
"cwe_ids": [
"CWE-77"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T15:15:21Z",
"severity": "CRITICAL"
},
"details": "Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `gateway` POST parameter.",
"id": "GHSA-3cww-g5m8-59q4",
"modified": "2025-11-04T00:32:15Z",
"published": "2025-01-14T15:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39763"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2020"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2020"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3F44-XW83-3PMG
Vulnerability from github – Published: 2026-01-13 20:29 – Updated: 2026-01-13 20:29Summary
The user-provided string repository in the helmv3 manager is appended to the helm registry login command without proper sanitization.
Details
Adversaries can provide a maliciously crafted Chart.yaml in conjunctions with a tweaked Renovate configuration file to trick Renovate to execute arbitrary code.
The value for both uses of the repository variable in lib/modules/manager/helmv3/common.ts are not being escaped using the quote function from the shlex package.
This lack of proper sanitization has been present in the product since version 31.51.0 (https://github.com/renovatebot/renovate/commit/f372a68144a4d78c9f7f418168e4efe03336a432), released on January 24 of 2022.
PoC
- Create a git repo with the following content:
renovate.json5:
{
$schema: "https://docs.renovatebot.com/renovate-schema.json",
customDatasources: {
always: {
defaultRegistryUrlTemplate: "https://docs.renovatebot.com/search/search_index.json",
transformTemplates: ['{"releases":[{"version":"99999.0.0"}]}'],
},
},
// Register any credentials to make the manager attempt to use basic auth for the Helm registry
hostRules: [
{
matchHost: "charts.bitnami.com",
username: "un",
password: "pw",
},
],
packageRules: [
{
// Target of the day
matchManagers: ["helmv3"],
// Don't consult the actual bitnami repo
registryUrls: [],
// But still, trick the manager in believing there's a new version
overrideDatasource: "custom.always",
},
],
}
Chart.yaml:
apiVersion: v2
name: renovate-aci-1
version: 0.0.1
dependencies:
- name: redis
version: 0.1.0
repository: oci://charts.bitnami.com/bitnami || kill 1
Chart.lock:
dependencies:
- name: redis
repository: oci://charts.bitnami.com/bitnami
- Run Renovate against the repo from a Docker container. Notice that the process terminates without reporting "Repository finished", because the ACI vulnerability allowed for execution of
kill 1, terminating the root process of the container.
[!NOTE] This specific proof of concept was made a lot simpler with the introduction of the
overrideDatasourceconfiguration since version 38.120.0 (https://github.com/renovatebot/renovate/commit/a70a6a376d31148e80be5a5c885ac33ff5ddb30c), released on October 12 of 2024, because it means that there is no more need for a proper response from an actual Helm registry on the malformed repository URL.
Impact
This is a Arbitrary Command Injection vulnerability, allowing those with write access on repositories configured to be scanned by Renovate to cause the execution of commands of their choice on the machine that runs Renovate.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "renovate"
},
"ranges": [
{
"events": [
{
"introduced": "31.51.0"
},
{
"fixed": "40.33.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-77"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-13T20:29:12Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\nThe user-provided string `repository` in the `helmv3` manager is appended to the `helm registry login` command without proper sanitization.\n\n### Details\nAdversaries can provide a maliciously crafted `Chart.yaml` in conjunctions with a tweaked Renovate configuration file to trick Renovate to execute arbitrary code.\nThe value for both uses of the `repository` variable in [lib/modules/manager/helmv3/common.ts](https://github.com/renovatebot/renovate/blob/b69416ce1745f67c9fc1d149738e2f52feb4f732/lib/modules/manager/helmv3/common.ts) are not being escaped using the `quote` function from the `shlex` package.\nThis lack of proper sanitization has been present in the product since version 31.51.0 (https://github.com/renovatebot/renovate/commit/f372a68144a4d78c9f7f418168e4efe03336a432), released on January 24 of 2022.\n\n### PoC\n1. Create a git repo with the following content:\n\n`renovate.json5`:\n\n```json5\n{\n $schema: \"https://docs.renovatebot.com/renovate-schema.json\",\n customDatasources: {\n always: {\n defaultRegistryUrlTemplate: \"https://docs.renovatebot.com/search/search_index.json\",\n transformTemplates: [\u0027{\"releases\":[{\"version\":\"99999.0.0\"}]}\u0027],\n },\n },\n // Register any credentials to make the manager attempt to use basic auth for the Helm registry\n hostRules: [\n {\n matchHost: \"charts.bitnami.com\",\n username: \"un\",\n password: \"pw\",\n },\n ],\n packageRules: [\n {\n // Target of the day\n matchManagers: [\"helmv3\"],\n // Don\u0027t consult the actual bitnami repo\n registryUrls: [],\n // But still, trick the manager in believing there\u0027s a new version\n overrideDatasource: \"custom.always\",\n },\n ],\n}\n\n```\n\n\n`Chart.yaml`:\n\n```yaml\napiVersion: v2\nname: renovate-aci-1\nversion: 0.0.1\ndependencies:\n - name: redis\n version: 0.1.0\n repository: oci://charts.bitnami.com/bitnami || kill 1\n\n```\n\n\n`Chart.lock`:\n\n```yaml\ndependencies:\n- name: redis\n repository: oci://charts.bitnami.com/bitnami\n```\n\n2. Run Renovate against the repo from a Docker container. Notice that the process terminates without reporting \"Repository finished\", because the ACI vulnerability allowed for execution of `kill 1`, terminating the root process of the container.\n\n\u003e [!NOTE]\n\u003e This specific proof of concept was made a lot simpler with the introduction of the `overrideDatasource` configuration since version 38.120.0 (https://github.com/renovatebot/renovate/commit/a70a6a376d31148e80be5a5c885ac33ff5ddb30c), released on October 12 of 2024, because it means that there is no more need for a proper response from an actual Helm registry on the malformed repository URL.\n\n### Impact\nThis is a Arbitrary Command Injection vulnerability, allowing those with write access on repositories configured to be scanned by Renovate to cause the execution of commands of their choice on the machine that runs Renovate.",
"id": "GHSA-3f44-xw83-3pmg",
"modified": "2026-01-13T20:29:12Z",
"published": "2026-01-13T20:29:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/renovatebot/renovate/security/advisories/GHSA-3f44-xw83-3pmg"
},
{
"type": "PACKAGE",
"url": "https://github.com/renovatebot/renovate"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Renovate vulnerable to arbitrary command injection via helmv3 manager and malicious Chart.yaml file"
}
GHSA-3F7R-9X8G-XF8X
Vulnerability from github – Published: 2022-02-20 00:00 – Updated: 2022-03-01 00:00A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.
{
"affected": [],
"aliases": [
"CVE-2022-25131"
],
"database_specific": {
"cwe_ids": [
"CWE-77"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-19T00:15:00Z",
"severity": "CRITICAL"
},
"details": "A command injection vulnerability in the function recvSlaveCloudCheckStatus of TOTOLINK Technology routers T6 V3_Firmware T6_V3_V4.1.5cu.748_B20211015 and T10 V2_Firmware V4.1.8cu.5207_B20210320 allows attackers to execute arbitrary commands via a crafted MQTT packet.",
"id": "GHSA-3f7r-9x8g-xf8x",
"modified": "2022-03-01T00:00:46Z",
"published": "2022-02-20T00:00:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25131"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/220086"
},
{
"type": "WEB",
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/totolink/vuln_14/14.md"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3F84-J5XW-C967
Vulnerability from github – Published: 2022-05-17 00:28 – Updated: 2025-04-20 03:46UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.
{
"affected": [],
"aliases": [
"CVE-2008-7315"
],
"database_specific": {
"cwe_ids": [
"CWE-77"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-10T16:29:00Z",
"severity": "CRITICAL"
},
"details": "UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.",
"id": "GHSA-3f84-j5xw-c967",
"modified": "2025-04-20T03:46:28Z",
"published": "2022-05-17T00:28:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-7315"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496448"
},
{
"type": "WEB",
"url": "https://rt.cpan.org/Public/Bug/Display.html?id=107364"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2008-7315"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/10/08/6"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/77031/info"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3F94-44JV-M2PQ
Vulnerability from github – Published: 2022-05-17 03:21 – Updated: 2025-04-12 13:07Mailcwp remote file upload vulnerability incomplete fix v1.100
{
"affected": [],
"aliases": [
"CVE-2016-1000156"
],
"database_specific": {
"cwe_ids": [
"CWE-77"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-14T18:59:00Z",
"severity": "CRITICAL"
},
"details": "Mailcwp remote file upload vulnerability incomplete fix v1.100",
"id": "GHSA-3f94-44jv-m2pq",
"modified": "2025-04-12T13:07:24Z",
"published": "2022-05-17T03:21:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000156"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/mailcwp"
},
{
"type": "WEB",
"url": "http://www.vapidlabs.com/advisory.php?v=175"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3F95-R44V-8MRG
Vulnerability from github – Published: 2022-03-12 00:00 – Updated: 2022-03-17 21:46The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options, it was possible to get arbitrary command execution.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "simple-git"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-24433"
],
"database_specific": {
"cwe_ids": [
"CWE-74",
"CWE-77"
],
"github_reviewed": true,
"github_reviewed_at": "2022-03-14T23:30:00Z",
"nvd_published_at": "2022-03-11T17:16:00Z",
"severity": "HIGH"
},
"details": "The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options, it was possible to get arbitrary command execution.",
"id": "GHSA-3f95-r44v-8mrg",
"modified": "2022-03-17T21:46:01Z",
"published": "2022-03-12T00:00:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24433"
},
{
"type": "WEB",
"url": "https://github.com/steveukx/git-js/pull/767"
},
{
"type": "PACKAGE",
"url": "https://github.com/steveukx/git-js"
},
{
"type": "WEB",
"url": "https://github.com/steveukx/git-js/releases/tag/simple-git%403.3.0"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2421245"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Command injection in simple-git"
}
Mitigation
If at all possible, use library calls rather than external processes to recreate the desired functionality.
Mitigation
If possible, ensure that all external commands called from the program are statically created.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation
Run time: Run time policy enforcement may be used in an allowlist fashion to prevent use of any non-sanctioned commands.
Mitigation
Assign permissions that prevent the user from accessing/opening privileged files.
CAPEC-136: LDAP Injection
An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.
CAPEC-15: Command Delimiters
An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.
CAPEC-183: IMAP/SMTP Command Injection
An adversary exploits weaknesses in input validation on web-mail servers to execute commands on the IMAP/SMTP server. Web-mail servers often sit between the Internet and the IMAP or SMTP mail server. User requests are received by the web-mail servers which then query the back-end mail server for the requested information and return this response to the user. In an IMAP/SMTP command injection attack, mail-server commands are embedded in parts of the request sent to the web-mail server. If the web-mail server fails to adequately sanitize these requests, these commands are then sent to the back-end mail server when it is queried by the web-mail server, where the commands are then executed. This attack can be especially dangerous since administrators may assume that the back-end server is protected against direct Internet access and therefore may not secure it adequately against the execution of malicious commands.
CAPEC-248: Command Injection
An adversary looking to execute a command of their choosing, injects new items into an existing command thus modifying interpretation away from what was intended. Commands in this context are often standalone strings that are interpreted by a downstream component and cause specific responses. This type of attack is possible when untrusted values are used to build these command strings. Weaknesses in input validation or command construction can enable the attack and lead to successful exploitation.
CAPEC-40: Manipulating Writeable Terminal Devices
This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device hoping that the target user will hit enter and thereby execute the malicious command with their privileges. The attacker can send the results (such as copying /etc/passwd) to a known directory and collect once the attack has succeeded.
CAPEC-43: Exploiting Multiple Input Interpretation Layers
An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: <parser1> --> <input validator> --> <parser2>. In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.
CAPEC-75: Manipulating Writeable Configuration Files
Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.