
CVE-2025-64756: High Vulnerability in isaacs glob

A high-severity command injection vulnerability exists in the isaacs glob CLI tool, affecting versions from 10.2.0 up to (but not including) the fixed 10.5.0, and from 11.0.0 up to (but not including) the fixed 11.1.0. Organizations should prioritize patching to mitigate the risk of arbitrary command execution.

HIGH · CVSS 7.5 · Published November 17, 2025


This vulnerability allows arbitrary command execution through a command injection flaw in the isaacs glob CLI tool. Classified as high severity with a CVSS score of 7.5, it affects versions from 10.2.0 up to (but not including) 10.5.0, and from 11.0.0 up to (but not including) 11.1.0. For organizations, the risk is code execution with the privileges of the user or CI account that runs the CLI, which can lead to unauthorized access or system compromise.

The issue arises when the -c/--cmd option of the glob CLI is used. A matched file whose name contains shell metacharacters can alter the command that is run, allowing command injection. Organizations using affected versions should address this vulnerability urgently, especially where the CLI is run over directories whose filenames are not trusted.

Given the high severity level of this vulnerability, organizations should prioritize patching immediately. The vulnerability has been addressed in glob versions 10.5.0 and 11.1.0. Ensuring that systems are updated to patched versions is critical to preventing exploitation.

Currently, there are no known public exploits or proofs of concept available, reducing the immediate threat but not eliminating the risk. Organizations must remain vigilant and ensure compliance with security best practices.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

