Akshat Sinha discovered that shell-quote improperly validated object-token inputs. An attacker could possibly use this issue to cause shell-quote to crash, resulting in a denial of service, or execute arbitrary code.

#DDoS

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

USN-8410-1: shell-quote vulnerability

VERWANDTEARTIKEL

[High] CVE-2026-41849 – An integer overflow vulnerability exists in the evaluation logic of the Spring E...

[High] CVE-2026-41850 – Applications that evaluate user-supplied Spring Expression Language (SpEL) expre...

[Medium] CVE-2026-41851 – Applications which accept user-supplied Spring Expression Language (SpEL) expres...

[High] CVE-2026-41842 – Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) at...

[Low] CVE-2026-41848 – Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS)...

[Medium] CVE-2026-35058 – Improper validation of packet length during tls-crypt-v2 key extraction in OpenV...