Description
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI.
Remediation
References
https://github.com/zowe/imperative/
Related Vulnerabilities
CVE-2021-34081 Vulnerability in npm package gitsome
CVE-2021-25329 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2021-21353 Vulnerability in npm package pug-code-gen
CVE-2023-20860 Vulnerability in maven package org.springframework:spring-webmvc
CVE-2019-19771 Vulnerability in npm package wallet-address-validtaor