How severe is CVE-2023-26143?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2023-26143?

This is classified as CWE-88, which is a common weakness in software security.

CVE-2023-26143

CRITICAL Year: 2023

CVSS v3 Score

9.1

Critical

Weakness Type

CWE-88

View all →

Vulnerability Description

Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.

CVE-2021-33473

CRITICAL

CVSS:9.1(Critical)

An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafte...

CWE-882021

CVE-2022-1399

CRITICAL

CVSS:9.1(Critical)

An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appli...

CWE-882022

CVE-2024-38655

CRITICAL

CVSS:9.1(Critical)

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privile...

CWE-882024

CVE-2024-38656

CRITICAL

CVSS:9.1(Critical)

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achiev...

CWE-882024

CVE-2024-39710

CRITICAL

CVSS:9.1(Critical)

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achiev...

CWE-882024