Описание
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
Ссылки
- ExploitThird Party Advisory
- Third Party Advisory
- Technical Description
- Not Applicable
- Not Applicable
- Not Applicable
- Not Applicable
- ExploitThird Party Advisory
- Third Party Advisory
- Technical Description
- Not Applicable
- Not Applicable
- Not Applicable
- Not Applicable
Уязвимые конфигурации
Конфигурация 1Версия до 21.7.2 (включая)
Одновременно
Одно из
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:haskell:process_library:1.6.19.0:*:*:*:*:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:rust-lang:rust:1.77.2:*:*:*:*:*:*:*
cpe:2.3:a:yt-dlp_project:yt-dlp:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00873
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-77
Связанные уязвимости
CVSS3: 9.8
debian
около 1 года назад
A command inject vulnerability allows an attacker to perform command i ...
CVSS3: 9.8
github
около 1 года назад
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
EPSS
Процентиль: 74%
0.00873
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-77