CVE-2023-40582

Published: Aug 30, 2023Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This issue has been addressed in version 1.0.3. users are advised to upgrade. Users unable to upgrade should ensure that all input passed to find-exec comes from a trusted source.

Affected (1)

Products: Find Exec Project: Find Exec

Find Exec Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Find Exec Project Find Exec	Before 1.0.3

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

https://github.com/shime/find-exec/commit/74fb108097c229b03d6dba4cce81e36aa364b51c

Source: security-advisories@github.com

Patch

https://github.com/shime/find-exec/security/advisories/GHSA-95rp-6gqp-6622

Source: security-advisories@github.com

Vendor Advisory

https://github.com/shime/find-exec/commit/74fb108097c229b03d6dba4cce81e36aa364b51c

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/shime/find-exec/security/advisories/GHSA-95rp-6gqp-6622

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.