exploitDog

CVE-2026-40030

Опубликовано: 08 апр. 2026

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument (-v flag) is passed unsanitized into an os.popen() shell command with ls, allowing arbitrary command injection via crafted volume path arguments containing shell metacharacters. An attacker can provide a crafted volume path via the -v flag that injects arbitrary commands during volume content enumeration.

Ссылки

EPSS

Процентиль: 5%

0.0002

Низкий

7.8 High

CVSS3

Дефекты

CWE-78

Связанные уязвимости

GHSA-pqxv-pjgq-x85w

CVSS3: 7.8

github

2 дня назад

parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument (-v flag) is passed unsanitized into an os.popen() shell command with ls, allowing arbitrary command injection via crafted volume path arguments containing shell metacharacters. An attacker can provide a crafted volume path via the -v flag that injects arbitrary commands during volume content enumeration.

EPSS

Процентиль: 5%

0.0002

Низкий

7.8 High

CVSS3

Дефекты

CWE-78