Description
OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product.
Remediation
References
https://jvn.jp/en/jp/JVN56968681/index.html
https://github.com/kujirahand/nadesiko3/issues/1325
https://github.com/kujirahand/nadesiko3/issues/1347
Related Vulnerabilities
CVE-2018-11784 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2019-17267 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2016-10671 Vulnerability in npm package mystem-wrapper
CVE-2022-21704 Vulnerability in npm package log4js
CVE-2023-26920 Vulnerability in maven package org.webjars.npm:fast-xml-parser