Описание
sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands.
EPSS
Процентиль: 83%
0.02012
Низкий
7.5 High
CVSS3
Дефекты
CWE-77
Связанные уязвимости
CVSS3: 7.5
github
3 месяца назад
sqls-server/sqls is vulnerable to command injection in the config command
EPSS
Процентиль: 83%
0.02012
Низкий
7.5 High
CVSS3
Дефекты
CWE-77