Enviar #757696: HummerRisk <=1.5.0 Command Injectioninformación

TítuloHummerRisk <=1.5.0 Command Injection
DescripciónHummerRisk version <=1.5.0 contains a critical immediate command injection vulnerability in its cloud task dry-run functionality. Attackers with permissions to execute dry-run tasks can inject arbitrary operating system commands through the fileName parameter, which is used directly in command construction without validation and executed immediately upon request.
Fuente⚠️ https://github.com/AnalogyC0de/public_exp/issues/9
Usuario
 Ana10gy (UID 93358)
Sumisión2026-02-13 09:39 (hace 2 meses)
Moderación2026-02-23 19:51 (10 days later)
EstadoAceptado
Entrada de VulDB347416 [HummerRisk hasta 1.5.0 Cloud Task Dry-run CloudTaskService.java CommandUtils.commonExecCmdWithResult fileName escalada de privilegios]
Puntos19

AnteriorVisión De ConjuntoPróximo

Want to know what is going to be exploited?

We predict KEV entries!