Description
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI.
Remediation
References
https://github.com/zowe/imperative/
Related Vulnerabilities
CVE-2019-19771 Vulnerability in npm package babel-loadre
CVE-2019-19771 Vulnerability in npm package we3b
CVE-2020-26256 Vulnerability in npm package @fast-csv/parse
CVE-2021-29060 Vulnerability in npm package color-string
CVE-2022-41237 Vulnerability in maven package com.groupon.jenkins-ci.plugins:dotci