Security Advisory

CVE-2022-33127

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-06-22 19:31:51

Last updated 2024-08-03 08:01:20

Assigner mitre

State PUBLISHED

Description

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string.

← Browse all CVEs View on cve.org ↗