CVSS Score: -

Basic Information
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
The vulnerability stemmed from improper shell command construction in the Sheepdog storage backend. Patch discussions explicitly show the removal of shell=True and changes to parameter handling in _run_command. That function directly processed image location values that an attacker could control, making it the injection point. Its signature matches the call pattern that would appear in stack traces when a malicious image location was processed during exploitation.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| glance | pip | >= 2013.2, < 2013.2.4 | 2013.2.4 |