Description
A vulnerability in the Imperative framework allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands or maliciously formed environment variables. It impacts Zowe CLI.
Remediation
References
https://github.com/zowe/imperative/