1 results (0.008 seconds)
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0
CVE-2023-42658 – InSpec Archive Command Vulnerable to Maliciously Crafted Profile
https://notcve.org/view.php?id=CVE-2023-42658
Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile. El comando de archivo en Chef InSpec anteriores a 4.56.58 y 5.22.29 permite la ejecución de comandos locales a través de un perfil creado con fines malintencionados. • https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Inspec-CVE-2023-42658 https://docs.chef.io/inspec/cli https://docs.chef.io/release_notes_inspec • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •