CVE-2023-26107: Code Injection
First published: Mon Mar 06 2023(Updated: )
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string.
Credit: report@snyk.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ebay Sketchsvg |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/tags
- agent/type
- agent/event
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/ebay
- canonical/ebay sketchsvg