Résumé
yt-dlp: Arbitrary command injection possible if --exec option used with yt-dlp
Références
Vulnérabilités liées
Tout Supply chain →- CRITICALGHSA-4H5R-5JM8-JXJM
gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting (CVE-2026-0755)
- HIGHGHSA-5CJ2-3JR2-5H77
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
- LOWGHSA-CWPP-5962-Q4F6
OpenClaw: Exec allowlist could miss side effects from transparent command wrappers
- HIGHGHSA-7QW2-W5RC-37X2
PraisonAI recipe workflow policy can be bypassed by declaring and YAML-approving dangerous tools outside TEMPLATE.yaml
- HIGHGHSA-5JV7-2MJM-H6QJ
npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining
- HIGHGHSA-VJV9-7M7J-H833
npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining