Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-6qjf-g333-pv38: Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class

Impact

There is an arbitrary code execution vulnerability in the CsvEnumerator class of the job-iteration repository. This vulnerability can be exploited by an attacker to execute arbitrary commands on the system where the application is running, potentially leading to unauthorized access, data leakage, or complete system compromise.

Patches

Issue is fixed in versions 1.11.0 and above.

Workarounds

Users can mitigate the risk by avoiding the use of untrusted input in the CsvEnumerator class and ensuring that any file paths are properly sanitized and validated before being passed to the class methods. Users should avoid calling size on enumerators constructed with untrusted CSV filenames.

ghsa
Open in Source
#vulnerability#perl#auth

Impact

There is an arbitrary code execution vulnerability in the CsvEnumerator class of the job-iteration repository. This vulnerability can be exploited by an attacker to execute arbitrary commands on the system where the application is running, potentially leading to unauthorized access, data leakage, or complete system compromise.

Patches

Issue is fixed in versions 1.11.0 and above.

Workarounds

Users can mitigate the risk by avoiding the use of untrusted input in the CsvEnumerator class and ensuring that any file paths are properly sanitized and validated before being passed to the class methods. Users should avoid calling size on enumerators constructed with untrusted CSV filenames.

References

  • GHSA-6qjf-g333-pv38

ghsa: Latest News

GHSA-32mf-57h2-64x9: XWiki Rendering is vulnerable to RCE attacks when processing nested macros
ghsa