Scala.epfl

scala.epfl

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Sbt

sbt

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-32948 1Scala.epfl 1Sbt Mar 26, 2026 Mar 24, 2026 6.7 MEDIUM· v4 7.8 HIGH· v3 N/A· v2 sbt is a build tool for Scala, Java, and others. From version 0.9.5 to before version 1.12.7, on Windows, sbt uses Process("cmd", "/c", ...) to run VCS commands (git, hg, svn). The URI fragment (branch, tag, revision) is...Show more sbt is a build tool for Scala, Java, and others. From version 0.9.5 to before version 1.12.7, on Windows, sbt uses Process("cmd", "/c", ...) to run VCS commands (git, hg, svn). The URI fragment (branch, tag, revision) is user-controlled via the build definition and passed to these commands without validation. Because cmd /c interprets &, \|, and ; as command separators, a malicious fragment can execute arbitrary commands. This issue has been patched in version 1.12.7.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2026-32948

1Scala.epfl

1Sbt

Mar 26, 2026

Mar 24, 2026

6.7 MEDIUM· v4

7.8 HIGH· v3

N/A· v2

sbt is a build tool for Scala, Java, and others. From version 0.9.5 to before version 1.12.7, on Windows, sbt uses Process("cmd", "/c", ...) to run VCS commands (git, hg, svn). The URI fragment (branch, tag, revision) is user-controlled via the build definition and passed to these commands without validation. Because cmd /c interprets &, |, and ; as command separators, a malicious fragment can execute arbitrary commands. This issue has been patched in version 1.12.7.Show less