CWE-95
AllowedImproper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Abstraction: Variant · Status: Incomplete
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").
261 vulnerabilities reference this CWE, most recent first.
GHSA-J39P-JF99-V5W8
Vulnerability from github – Published: 2026-06-05 18:31 – Updated: 2026-06-05 18:31Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), allowing arbitrary JavaScript execution. The flaw affects every render path - the live preview (window.eval) and presentation mode plus HTML export (the bundled WaveDrom.ProcessAll()/eva() helpers) - and can also be triggered through a element injected via raw HTML in markdown. When a victim previews or exports a crafted markdown document, an attacker can execute arbitrary code, leading to arbitrary file write. Fixed in 0.8.28 by parsing with JSON5.parse() and sanitizing WaveDrom data scripts to inert strict JSON.
{
"affected": [],
"aliases": [
"CVE-2026-50733"
],
"database_specific": {
"cwe_ids": [
"CWE-95"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-05T18:17:34Z",
"severity": "HIGH"
},
"details": "Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), allowing arbitrary JavaScript execution. The flaw affects every render path - the live preview (window.eval) and presentation mode plus HTML export (the bundled WaveDrom.ProcessAll()/eva() helpers) - and can also be triggered through a \u003cscript type=\"WaveDrom\"\u003e element injected via raw HTML in markdown. When a victim previews or exports a crafted markdown document, an attacker can execute arbitrary code, leading to arbitrary file write. Fixed in 0.8.28 by parsing with JSON5.parse() and sanitizing WaveDrom data scripts to inert strict JSON.",
"id": "GHSA-j39p-jf99-v5w8",
"modified": "2026-06-05T18:31:41Z",
"published": "2026-06-05T18:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50733"
},
{
"type": "WEB",
"url": "https://github.com/shd101wyy/vscode-markdown-preview-enhanced/issues/2315"
},
{
"type": "WEB",
"url": "https://github.com/shd101wyy/vscode-markdown-preview-enhanced/releases/tag/0.8.28"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/markdown-preview-enhanced-arbitrary-code-execution-via-wavedrom-eval"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J3RV-W43Q-F9X2
Vulnerability from github – Published: 2022-08-18 19:15 – Updated: 2022-08-18 19:15Impact
Our library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, Javascript's eval function was used to execute strings that begin with "function" as Javascript. This was an oversight that unfortunately allows arbitrary code to be executed if it exists as a value within the JSON structure being displayed. Given that this component may often be used to display data from arbitrary, untrusted sources, this is extremely dangerous.
One important note is that users who have defined a custom onSubmitValueParser callback prop on the JsonTree component should be unaffected. This vulnerability exists in the default onSubmitValueParser prop which calls parse.
Patches
We have decided on a two-pronged approach to patching this vulnerability:
- Create a patch update that adds a workaround which is not enabled by default to preserve backwards-compatibility
- On the next major update, we will enable this workaround by default
The workaround we have decided on is adding a prop to JsonTree called allowFunctionEvaluation. This prop will be set to true in v2.2.2, so you can upgrade without fear of losing backwards-compatibility.
We have also implemented additional security measures as we know many people may not read the details of this vulnerability, and we want to do the best we can to keep you protected. In v2.2.2, we switched from using eval to using Function to construct anonymous functions. This is better than eval for the following reasons:
- Arbitrary code should not be able to execute immediately, since the
Functionconstructor explicitly only creates anonymous functions - Functions are created without local closures, so they only have access to the global scope
This change has brought a slight potential for breaking backwards-compatibility if users for some reason were relying on side-effects of our usage of eval, but that is beyond intended behavior, so we have decided to go ahead with this change and consider it a non-breaking change.
Workarounds
As mentioned above, there are a few scenarios you must consider:
If you use:
- Version <2.2.2, you must upgrade as soon as possible.
- Version ^2.2.2, you must explicitly set JsonTree's allowFunctionEvaluation prop to false to fully mitigate this vulnerability.
- Version >=3.0.0, allowFunctionEvaluation is already set to false by default, so no further steps are necessary.
References
None.
For more information
If you have any questions or comments about this advisory: * Open an issue in the GitHub repo
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "react-editable-json-tree"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-36010"
],
"database_specific": {
"cwe_ids": [
"CWE-95"
],
"github_reviewed": true,
"github_reviewed_at": "2022-08-18T19:15:28Z",
"nvd_published_at": "2022-08-15T19:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\nOur library allows strings to be parsed as functions and stored as a specialized component, [`JsonFunctionValue`](https://github.com/oxyno-zeta/react-editable-json-tree/blob/09a0ca97835b0834ad054563e2fddc6f22bc5d8c/src/components/JsonFunctionValue.js). To do this, Javascript\u0027s [`eval`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval) function was used to execute strings that begin with \"function\" as Javascript. This was an oversight that unfortunately allows arbitrary code to be executed if it exists as a value within the JSON structure being displayed. Given that this component may often be used to display data from arbitrary, untrusted sources, this is extremely dangerous.\n\nOne important note is that users who have defined a custom [`onSubmitValueParser`](https://github.com/oxyno-zeta/react-editable-json-tree/tree/09a0ca97835b0834ad054563e2fddc6f22bc5d8c#onsubmitvalueparser) callback prop on the [`JsonTree`](https://github.com/oxyno-zeta/react-editable-json-tree/blob/09a0ca97835b0834ad054563e2fddc6f22bc5d8c/src/JsonTree.js) component should be ***unaffected***. This vulnerability exists in the default `onSubmitValueParser` prop which calls [`parse`](https://github.com/oxyno-zeta/react-editable-json-tree/blob/master/src/utils/parse.js#L30).\n\n### Patches\nWe have decided on a two-pronged approach to patching this vulnerability:\n\n1. Create a patch update that adds a workaround **which is not enabled by default** to preserve backwards-compatibility\n2. On the next major update, **we will enable this workaround by default**\n\nThe workaround we have decided on is adding a prop to `JsonTree` called `allowFunctionEvaluation`. This prop will be set to `true` in v2.2.2, so you can upgrade without fear of losing backwards-compatibility.\n\nWe have also implemented additional security measures as we know many people may not read the details of this vulnerability, and we want to do the best we can to keep you protected. In v2.2.2, we switched from using `eval` to using [`Function`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function) to construct anonymous functions. This is better than `eval` for the following reasons:\n\n- Arbitrary code should not be able to execute immediately, since the `Function` constructor explicitly *only creates* anonymous functions\n- Functions are created without local closures, so they only have access to the global scope\n\nThis change has brought a *slight* potential for breaking backwards-compatibility if users for some reason were relying on side-effects of our usage of `eval`, but that is beyond intended behavior, so we have decided to go ahead with this change and consider it a non-breaking change.\n\n### Workarounds\nAs mentioned above, there are a few scenarios you must consider:\n\nIf you use:\n- **Version `\u003c2.2.2`**, you must upgrade as soon as possible.\n- **Version `^2.2.2`**, you must explicitly set `JsonTree`\u0027s `allowFunctionEvaluation` prop to `false` to fully mitigate this vulnerability.\n- **Version `\u003e=3.0.0`**, `allowFunctionEvaluation` is already set to `false` by default, so no further steps are necessary.\n\n### References\nNone.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in the [GitHub repo](https://github.com/oxyno-zeta/react-editable-json-tree)\n",
"id": "GHSA-j3rv-w43q-f9x2",
"modified": "2022-08-18T19:15:28Z",
"published": "2022-08-18T19:15:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/oxyno-zeta/react-editable-json-tree/security/advisories/GHSA-j3rv-w43q-f9x2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36010"
},
{
"type": "PACKAGE",
"url": "https://github.com/oxyno-zeta/react-editable-json-tree"
},
{
"type": "WEB",
"url": "https://github.com/oxyno-zeta/react-editable-json-tree/releases/tag/2.2.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "React Editable Json Tree vulnerable to arbitrary code execution via function parsing"
}
GHSA-J6WG-29XJ-2FJF
Vulnerability from github – Published: 2026-01-18 18:30 – Updated: 2026-01-23 18:31Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system.
The vulnerability can be exploited via the Code block by an authenticated user with basic permissions and can lead to a full n8n instance takeover on instances operating under "Internal" execution mode.
If the instance is operating under the "External" execution mode (ex. n8n's official Docker image) - arbitrary code execution occurs inside a Sidecar container and not the main node, which significantly reduces the vulnerability impact.
{
"affected": [],
"aliases": [
"CVE-2026-0863"
],
"database_specific": {
"cwe_ids": [
"CWE-94",
"CWE-95"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-18T16:15:50Z",
"severity": "HIGH"
},
"details": "Using string formatting and exception handling, an attacker may bypass n8n\u0027s python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system.\n\nThe vulnerability can be exploited via the Code block by an authenticated user with basic permissions and can lead to a full n8n instance takeover on instances operating under \"Internal\" execution mode.\n\nIf the instance is operating under the \"External\" execution mode (ex. n8n\u0027s official Docker image) - arbitrary code execution occurs inside a Sidecar container and not the main node, which significantly reduces the vulnerability impact.",
"id": "GHSA-j6wg-29xj-2fjf",
"modified": "2026-01-23T18:31:28Z",
"published": "2026-01-18T18:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0863"
},
{
"type": "WEB",
"url": "https://github.com/n8n-io/n8n/commit/b73a4283cb14e0f27ce19692326f362c7bf3da02"
},
{
"type": "WEB",
"url": "https://research.jfrog.com/vulnerabilities/n8n-python-runner-sandbox-escape-jfsa-2026-001651077"
},
{
"type": "WEB",
"url": "https://www.smartkeyss.com/post/cve-2026-0863-python-sandbox-escape-in-n8n-via-exception-formatting-and-implicit-code-execution"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M48C-HXQG-4J76
Vulnerability from github – Published: 2026-06-05 21:32 – Updated: 2026-06-05 21:32Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attackers can exploit the unsanitized passing of wavedrom block content to window.eval() in the VS Code webview context to abuse the extension's message passing and invoke arbitrary file writes on the local filesystem.
{
"affected": [],
"aliases": [
"CVE-2026-11422"
],
"database_specific": {
"cwe_ids": [
"CWE-95"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-05T21:16:29Z",
"severity": "HIGH"
},
"details": "Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attackers can exploit the unsanitized passing of wavedrom block content to window.eval() in the VS Code webview context to abuse the extension\u0027s message passing and invoke arbitrary file writes on the local filesystem.",
"id": "GHSA-m48c-hxqg-4j76",
"modified": "2026-06-05T21:32:04Z",
"published": "2026-06-05T21:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11422"
},
{
"type": "WEB",
"url": "https://github.com/shd101wyy/vscode-markdown-preview-enhanced/issues/2315"
},
{
"type": "WEB",
"url": "https://github.com/shd101wyy/crossnote/commit/5588ca2121c3da43fe331575dc5cf4ef347b91ee"
},
{
"type": "WEB",
"url": "https://github.com/shd101wyy/vscode-markdown-preview-enhanced/commit/dcd80281c986293b93d9f1af34ced64dcb230c77"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/markdown-preview-enhanced-x-code-injection-via-wavedrom-rendering"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-M4M7-4CW8-62J6
Vulnerability from github – Published: 2026-07-13 18:37 – Updated: 2026-07-13 18:37Summary
The FileCatalog DatasetManager runs a query on the database and passes the result to eval. The SQL query contains an injection vulnerability which allows an authenticated user to control the parameter returned to the eval resulting in remote code execution.
Details
The FileCatalog checkDataset function passes its datasets argument directly to the backend DB handler: https://github.com/DIRACGrid/DIRAC/blob/f7e0a3ac153315030fb3520e8ca747f013758967/src/DIRAC/DataManagementSystem/Service/FileCatalogHandler.py#L591-L593
Which in turn passes it to the __checkDataset function: https://github.com/DIRACGrid/DIRAC/blob/f7e0a3ac153315030fb3520e8ca747f013758967/src/DIRAC/DataManagementSystem/DB/FileCatalogComponents/DatasetManager/DatasetManager.py#L390
This uses an f-string to create a query without escaping, resulting in an SQL injection: https://github.com/DIRACGrid/DIRAC/blob/f7e0a3ac153315030fb3520e8ca747f013758967/src/DIRAC/DataManagementSystem/DB/FileCatalogComponents/DatasetManager/DatasetManager.py#L400-L402
The result (which is user controllable due to the SQL injection) is passed into eval almost immediately on return, leading to code execution: https://github.com/DIRACGrid/DIRAC/blob/f7e0a3ac153315030fb3520e8ca747f013758967/src/DIRAC/DataManagementSystem/DB/FileCatalogComponents/DatasetManager/DatasetManager.py#L409
There are other functions in the same file which use a similar pattern and would likely be exploitable in a similar way.
Impact
This allows any authenticated user to run commands on the server, which allows a full compromise of the DIRAC system (they can read the local dirac.cfg, get database passwords and export all stored proxies and tokens). If local logging is used, they can also remove evidence of the exploit from the log.
Patched versions:
https://pypi.org/project/DIRAC/8.0.79/ https://pypi.org/project/DIRAC/9.0.22/ https://pypi.org/project/DIRAC/9.1.10/
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "DIRAC"
},
"ranges": [
{
"events": [
{
"introduced": "6"
},
{
"fixed": "8.0.79"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "DIRAC"
},
"ranges": [
{
"events": [
{
"introduced": "8.1.0a1"
},
{
"fixed": "9.0.22"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "DIRAC"
},
"ranges": [
{
"events": [
{
"introduced": "9.1.0"
},
{
"fixed": "9.1.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-61667"
],
"database_specific": {
"cwe_ids": [
"CWE-89",
"CWE-95"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-13T18:37:31Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "### Summary\nThe FileCatalog DatasetManager runs a query on the database and passes the result to eval. The SQL query contains an injection vulnerability which allows an authenticated user to control the parameter returned to the eval resulting in remote code execution.\n\n### Details\n\nThe FileCatalog checkDataset function passes its datasets argument directly to the backend DB handler:\nhttps://github.com/DIRACGrid/DIRAC/blob/f7e0a3ac153315030fb3520e8ca747f013758967/src/DIRAC/DataManagementSystem/Service/FileCatalogHandler.py#L591-L593\n\nWhich in turn passes it to the __checkDataset function:\nhttps://github.com/DIRACGrid/DIRAC/blob/f7e0a3ac153315030fb3520e8ca747f013758967/src/DIRAC/DataManagementSystem/DB/FileCatalogComponents/DatasetManager/DatasetManager.py#L390\n\nThis uses an f-string to create a query without escaping, resulting in an SQL injection:\nhttps://github.com/DIRACGrid/DIRAC/blob/f7e0a3ac153315030fb3520e8ca747f013758967/src/DIRAC/DataManagementSystem/DB/FileCatalogComponents/DatasetManager/DatasetManager.py#L400-L402\n\nThe result (which is user controllable due to the SQL injection) is passed into eval almost immediately on return, leading to code execution:\nhttps://github.com/DIRACGrid/DIRAC/blob/f7e0a3ac153315030fb3520e8ca747f013758967/src/DIRAC/DataManagementSystem/DB/FileCatalogComponents/DatasetManager/DatasetManager.py#L409\n\nThere are other functions in the same file which use a similar pattern and would likely be exploitable in a similar way.\n\n### Impact\nThis allows any authenticated user to run commands on the server, which allows a full compromise of the DIRAC system (they can read the local dirac.cfg, get database passwords and export all stored proxies and tokens). If local logging is used, they can also remove evidence of the exploit from the log.\n\n### Patched versions:\nhttps://pypi.org/project/DIRAC/8.0.79/\nhttps://pypi.org/project/DIRAC/9.0.22/\nhttps://pypi.org/project/DIRAC/9.1.10/",
"id": "GHSA-m4m7-4cw8-62j6",
"modified": "2026-07-13T18:37:31Z",
"published": "2026-07-13T18:37:31Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/DIRACGrid/DIRAC/security/advisories/GHSA-m4m7-4cw8-62j6"
},
{
"type": "PACKAGE",
"url": "https://github.com/DIRACGrid/DIRAC"
},
{
"type": "WEB",
"url": "https://pypi.org/project/DIRAC/8.0.79"
},
{
"type": "WEB",
"url": "https://pypi.org/project/DIRAC/9.0.22"
},
{
"type": "WEB",
"url": "https://pypi.org/project/DIRAC/9.1.10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "DIRAC is vulnerable to RCE in FileCatalog DatasetManager via SQL injection + eval"
}
GHSA-M6QG-6W6H-V59X
Vulnerability from github – Published: 2026-04-07 15:30 – Updated: 2026-04-07 15:30Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dol_eval_standard() function that fails to apply forbidden string checks in whitelist mode and does not detect PHP dynamic callable syntax. Attackers with administrator privileges can inject malicious payloads through computed extrafields or other evaluation paths using PHP dynamic callable syntax to bypass validation and achieve arbitrary command execution via eval().
{
"affected": [],
"aliases": [
"CVE-2026-22666"
],
"database_specific": {
"cwe_ids": [
"CWE-94",
"CWE-95"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-07T13:16:45Z",
"severity": "HIGH"
},
"details": "Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dol_eval_standard() function that fails to apply forbidden string checks in whitelist mode and does not detect PHP dynamic callable syntax. Attackers with administrator privileges can inject malicious payloads through computed extrafields or other evaluation paths using PHP dynamic callable syntax to bypass validation and achieve arbitrary command execution via eval().",
"id": "GHSA-m6qg-6w6h-v59x",
"modified": "2026-04-07T15:30:49Z",
"published": "2026-04-07T15:30:49Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-vmvw-qq8w-wqhg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22666"
},
{
"type": "WEB",
"url": "https://github.com/Dolibarr/dolibarr/commit/6f425521b3e6f9f27eca05228e02093dbaa40dea"
},
{
"type": "WEB",
"url": "https://github.com/Dolibarr/dolibarr/releases/tag/23.0.2"
},
{
"type": "WEB",
"url": "https://jivasecurity.com/writeups/dolibarr-remote-code-execution-cve-2026-22666"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/dolibarr-erp-crm-authenticated-rce-via-dol-eval-standard"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MHC6-2GFQ-XX62
Vulnerability from github – Published: 2026-07-01 20:44 – Updated: 2026-07-01 20:44Impact
A critical command injection vulnerability has been identified in the Rancher Manager cluster import endpoint /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters. This endpoint accepts an authImage query parameter that is rendered without sanitization into a generated Kubernetes manifest template. By including URL-encoded newlines in the parameter value, an attacker can break out of the image: field to inject arbitrary YAML keys and malicious configurations, such as commands to execute malicious containers.
Exploitation of this vulnerability requires the following conditions to be met:
- Attackers must obtain a valid cluster registration token (these tokens may be exposed, for example, through documentation, screenshots, or insecure communication channels).
- The victim’s cluster operator must execute kubectl apply against a maliciously crafted URL.
When a victim applies this compromised manifest using kubectl apply, a DaemonSet is deployed with the injected configuration. This DaemonSet:
- Runs on all control-plane nodes with hostNetwork: true enabled.
- Uses the cattle service account, which possesses cluster-admin privileges.
- Mounts /etc/kubernetes directly from the host.
- Executes attacker-controlled commands via the injected command: field.
An attacker who successfully exploits this vulnerability could:
- Achieve full control over downstream Kubernetes clusters.
- Execute arbitrary code on control-plane nodes with elevated privileges.
- Access sensitive cluster secrets and configurations via the privileged service account.
- Disrupt cluster operations by manipulating critical control-plane workloads.
- Establish persistent access through the deployed DaemonSet.
Note: If you believe that you might have been impacted by this vulnerability, it's highly advised to review your clusters' logs and deployment logs for signs of malicious deployments and to rotate all service accounts and credentials that might have been exposed in such a scenario.
Please refer to the associated MITRE ATT&CK - Technique - Deploy Container for further information about this category of attack.
Patches
This vulnerability is addressed by validating the authImage parameter to ensure it contains only valid OCI image reference characters, rejecting any input containing newlines, whitespace, or other characters that could break YAML syntax.
Patched versions of Rancher include release v2.14.2, v2.13.6, v2.12.10, v2.11.14 and v2.10.12.
Workarounds
If upgrading to a patched version immediately is not feasible, users are encouraged to apply the following workaround:
- Review the
kube-api-authDaemonSet: Inspect downstream clusters for thekube-api-authDaemonSet within thecattle-systemnamespace (which targets control-plane nodes). Review this resource configuration carefully for: - Unexpected
command:orargs:fields in the container specification. - References to non-standard or suspicious container images.
- Any modifications occurring after the initial cluster import.
- Validate manifest integrity: Before running
kubectl applyon any import manifests, verify that the source URLs originate from trusted sources and match expected patterns.
Credits
This security issue was reported by the following collaborators according to our responsible disclosure policy:
- Radisauskas Arnoldas from NATO and the NATO Cyber Security Centre (NCSC).
- Michael Wollner from Deutsche Telekom AG.
References
If you have any questions or comments about this advisory: - Reach out to the SUSE Rancher Security team for security related inquiries. - Open an issue in the Rancher repository. - Verify with our support matrix and product support lifecycle.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.14.0"
},
{
"fixed": "2.14.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.13.0"
},
{
"fixed": "2.13.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.12.0"
},
{
"fixed": "2.12.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.11.0"
},
{
"fixed": "2.11.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "2.10.0"
},
{
"fixed": "2.10.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/rancher"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20260617231817-2aa77eb283e7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44939"
],
"database_specific": {
"cwe_ids": [
"CWE-95"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-01T20:44:33Z",
"nvd_published_at": "2026-06-19T13:16:30Z",
"severity": "CRITICAL"
},
"details": "### Impact\nA critical command injection vulnerability has been identified in the Rancher Manager cluster import endpoint `/v3/import/{token}_{clusterId}.yaml` through unsanitized YAML parameters. This endpoint accepts an `authImage` query parameter that is rendered without sanitization into a generated Kubernetes manifest template. By including URL-encoded newlines in the parameter value, an attacker can break out of the `image:` field to inject arbitrary YAML keys and malicious configurations, such as commands to execute malicious containers.\n\nExploitation of this vulnerability requires the following conditions to be met:\n- Attackers must obtain a valid cluster registration token (these tokens may be exposed, for example, through documentation, screenshots, or insecure communication channels).\n- The victim\u2019s cluster operator must execute `kubectl apply` against a maliciously crafted URL. \n\nWhen a victim applies this compromised manifest using `kubectl apply`, a DaemonSet is deployed with the injected configuration. This DaemonSet:\n- Runs on all control-plane nodes with `hostNetwork: true` enabled.\n- Uses the `cattle` service account, which possesses `cluster-admin` privileges.\n- Mounts `/etc/kubernetes` directly from the host.\n- Executes attacker-controlled commands via the injected `command:` field.\n\nAn attacker who successfully exploits this vulnerability could:\n\n- Achieve full control over downstream Kubernetes clusters.\n- Execute arbitrary code on control-plane nodes with elevated privileges.\n- Access sensitive cluster secrets and configurations via the privileged service account.\n- Disrupt cluster operations by manipulating critical control-plane workloads.\n- Establish persistent access through the deployed DaemonSet.\n\n**Note:** If you believe that you might have been impacted by this vulnerability, it\u0027s highly advised to review your clusters\u0027 logs and deployment logs for signs of malicious deployments and to rotate all service accounts and credentials that might have been exposed in such a scenario.\n\nPlease refer to the associated [MITRE ATT\u0026CK - Technique - Deploy Container](https://attack.mitre.org/techniques/T1610/) for further information about this category of attack.\n\n### Patches\nThis vulnerability is addressed by validating the `authImage` parameter to ensure it contains only valid OCI image reference characters, rejecting any input containing newlines, whitespace, or other characters that could break YAML syntax.\n\nPatched versions of Rancher include release `v2.14.2`, `v2.13.6`, `v2.12.10`, `v2.11.14` and `v2.10.12`. \n\n### Workarounds\nIf upgrading to a patched version immediately is not feasible, users are encouraged to apply the following workaround: \n\n- Review the `kube-api-auth` DaemonSet: Inspect downstream clusters for the `kube-api-auth` DaemonSet within the `cattle-system` namespace (which targets control-plane nodes). Review this resource configuration carefully for:\n - Unexpected `command:` or `args:` fields in the container specification.\n - References to non-standard or suspicious container images.\n - Any modifications occurring after the initial cluster import.\n- Validate manifest integrity: Before running `kubectl apply` on any import manifests, verify that the source URLs originate from trusted sources and match expected patterns.\n\n### Credits\n\nThis security issue was reported by the following collaborators according to our responsible disclosure policy:\n\n- Radisauskas Arnoldas from NATO and the NATO Cyber Security Centre (NCSC).\n- Michael Wollner from Deutsche Telekom AG.\n\n### References\nIf you have any questions or comments about this advisory:\n- Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.\n- Open an issue in the [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.\n- Verify with our [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/).",
"id": "GHSA-mhc6-2gfq-xx62",
"modified": "2026-07-01T20:44:33Z",
"published": "2026-07-01T20:44:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-mhc6-2gfq-xx62"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44939"
},
{
"type": "WEB",
"url": "https://github.com/rancher/rancher/commit/2aa77eb283e7451d605fb85e1bd9b1791cd73875"
},
{
"type": "PACKAGE",
"url": "https://github.com/rancher/rancher"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "Rancher vulnerable to command injection through unsanitized YAML parameter"
}
GHSA-MPCW-3J5P-P99X
Vulnerability from github – Published: 2024-10-24 18:27 – Updated: 2024-10-24 18:27Summary
Usage of the Butterfly.prototype.parseJSON or getJSON functions on an attacker-controlled crafted input string allows the attacker to execute arbitrary JavaScript code on the server.
Since Butterfly JavaScript code has access to Java classes, it can run arbitrary programs.
Details
The parseJSON function (edu/mit/simile/butterfly/Butterfly.js:64) works by calling eval, an approach that goes back to the original library by Crockford, before JSON was part of the ECMAScript language. It uses a regular expression to remove strings from the input, then checks that there are no unexpected characters in the non-string remainder.
However, the regex is imperfect, as was discovered earlier by Mike Samuel; specifically, the "cleaner" can be tricked into treating part of the input as a string that the "evaluator" does not, because of a difference in interpretation regarding the the Unicode zero-width joiner character. Representing that character with a visible symbol, a malicious input looks like:
"\�\", Packages.java.lang.Runtime.getRuntime().exec('gnome-calculator')) // "
This is understood...
- by
JSON_cleaning_REas a single string, and because it is a string it can be collapsed to nothing, which is not problematic, so the original input proceeds toeval. - by the
evalfunction, which ignores zero-width joiners entirely, as a string containing a single escaped backslash, followed by a comma, then a function call, closing parenthesis, and finally a line comment.
The function call is evaluated, and a calculator is opened.
Possible mitigations and additional defenses could include:
- Replacing the JSON implementation with Rhino's built-in implementation.
- Dropping all JSON-related and JSONP-related code entirely.
- Restricting the access the JavaScript controller code has to the rest of the system by using
initSafeStandardObjectsinstead ofinitStandardObjects, usingsetClassShutter, and so on.
PoC
Change OpenRefine core controller.js to add a call to the vulnerable getJSON function:
diff --git a/main/webapp/modules/core/MOD-INF/controller.js b/main/webapp/modules/core/MOD-INF/controller.js
index 4ceba0676..1ce0936d2 100644
--- a/main/webapp/modules/core/MOD-INF/controller.js
+++ b/main/webapp/modules/core/MOD-INF/controller.js
@@ -631,0 +632,5 @@ function process(path, request, response) {
+ if (path == "getjsontest") {
+ butterfly.getJSON(request);
+ return true;
+ }
+
Then, restart OpenRefine and submit the malicious request. For example, the following bash command (with $' quoting) should do it:
curl -H 'Content-Type: application/json;charset=utf-8' --data $'"\\\u200d\\", Packages.java.lang.Runtime.getRuntime().exec(\'gnome-calculator\')) // "' http://localhost:3333/getjsontest
Impact
Any JavaScript controller that calls one of these functions is vulnerable to remote code execution.
OpenRefine itself seems unaffected; both OpenRefine and jQuery have their own functions also called parseJSON and getJSON, but those are unrelated.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.openrefine.dependencies:butterfly"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-185",
"CWE-95"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-24T18:27:50Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\n\nUsage of the `Butterfly.prototype.parseJSON` or `getJSON` functions on an attacker-controlled crafted input string allows the attacker to execute arbitrary JavaScript code on the server.\n\nSince Butterfly JavaScript code has access to Java classes, it can run arbitrary programs.\n\n### Details\n\nThe `parseJSON` function (edu/mit/simile/butterfly/Butterfly.js:64) works by calling `eval`, an approach that goes back to the original library by Crockford, before JSON was part of the ECMAScript language. It uses a regular expression to remove strings from the input, then checks that there are no unexpected characters in the non-string remainder.\n\nHowever, the regex is imperfect, as was [discovered earlier by Mike Samuel](https://dev.to/mikesamuel/2008-silently-securing-jsonparse-5cbb); specifically, the \"cleaner\" can be tricked into treating part of the input as a string that the \"evaluator\" does not, because of a difference in interpretation regarding the [the Unicode zero-width joiner character](https://unicode-explorer.com/c/200D). Representing that character with a visible symbol, a malicious input looks like:\n\n```js\n\"\\\ufffd\\\", Packages.java.lang.Runtime.getRuntime().exec(\u0027gnome-calculator\u0027)) // \"\n```\n\nThis is understood...\n\n* by `JSON_cleaning_RE` as a single string, and because it is a string it can be collapsed to nothing, which is not problematic, so the original input proceeds to `eval`.\n* by the `eval` function, which ignores zero-width joiners entirely, as a string containing a single escaped backslash, followed by a comma, then a function call, closing parenthesis, and finally a line comment.\n \nThe function call is evaluated, and a calculator is opened.\n\nPossible mitigations and additional defenses could include:\n\n* Replacing the JSON implementation with Rhino\u0027s built-in implementation.\n* Dropping all JSON-related and JSONP-related code entirely.\n* Restricting the access the JavaScript controller code has to the rest of the system by using `initSafeStandardObjects` instead of `initStandardObjects`, using `setClassShutter`, and so on.\n\n### PoC\n\nChange OpenRefine `core` `controller.js` to add a call to the vulnerable `getJSON` function:\n\n```diff\ndiff --git a/main/webapp/modules/core/MOD-INF/controller.js b/main/webapp/modules/core/MOD-INF/controller.js\nindex 4ceba0676..1ce0936d2 100644\n--- a/main/webapp/modules/core/MOD-INF/controller.js\n+++ b/main/webapp/modules/core/MOD-INF/controller.js\n@@ -631,0 +632,5 @@ function process(path, request, response) {\n+ if (path == \"getjsontest\") {\n+ butterfly.getJSON(request);\n+ return true;\n+ }\n+\n```\n\nThen, restart OpenRefine and submit the malicious request. For example, the following `bash` command (with $\u0027 quoting) should do it:\n\n```\ncurl -H \u0027Content-Type: application/json;charset=utf-8\u0027 --data $\u0027\"\\\\\\u200d\\\\\", Packages.java.lang.Runtime.getRuntime().exec(\\\u0027gnome-calculator\\\u0027)) // \"\u0027 http://localhost:3333/getjsontest\n```\n\n### Impact\n\nAny JavaScript controller that calls one of these functions is vulnerable to remote code execution.\n\nOpenRefine itself seems unaffected; both OpenRefine and jQuery have their own functions also called parseJSON and getJSON, but those are unrelated.",
"id": "GHSA-mpcw-3j5p-p99x",
"modified": "2024-10-24T18:27:50Z",
"published": "2024-10-24T18:27:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/OpenRefine/simile-butterfly/security/advisories/GHSA-mpcw-3j5p-p99x"
},
{
"type": "WEB",
"url": "https://github.com/OpenRefine/simile-butterfly/commit/2ad1fa4cd8afe3c920c8e6e04fe7a7df5cf8294e"
},
{
"type": "PACKAGE",
"url": "https://github.com/OpenRefine/simile-butterfly"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Butterfly\u0027s parseJSON, getJSON functions eval malicious input, leading to remote code execution (RCE)"
}
GHSA-P2QJ-R53J-H3XJ
Vulnerability from github – Published: 2024-09-19 06:31 – Updated: 2024-09-19 18:23langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 (2023-10-05).
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "langchain-experimental"
},
"ranges": [
{
"events": [
{
"introduced": "0.1.17"
},
{
"last_affected": "0.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-46946"
],
"database_specific": {
"cwe_ids": [
"CWE-95"
],
"github_reviewed": true,
"github_reviewed_at": "2024-09-19T18:23:47Z",
"nvd_published_at": "2024-09-19T05:15:11Z",
"severity": "CRITICAL"
},
"details": "langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 (2023-10-05).",
"id": "GHSA-p2qj-r53j-h3xj",
"modified": "2024-09-19T18:23:47Z",
"published": "2024-09-19T06:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46946"
},
{
"type": "WEB",
"url": "https://docs.sympy.org/latest/modules/codegen.html"
},
{
"type": "WEB",
"url": "https://gist.github.com/12end/68c0c58d2564ef4141bccd4651480820#file-cve-2024-46946-txt"
},
{
"type": "PACKAGE",
"url": "https://github.com/langchain-ai/langchain"
},
{
"type": "WEB",
"url": "https://github.com/langchain-ai/langchain/releases/tag/langchain-experimental%3D%3D0.3.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "LangChain Experimental Eval Injection vulnerability"
}
GHSA-P6F4-6QXG-8XQV
Vulnerability from github – Published: 2026-03-29 03:30 – Updated: 2026-03-31 21:31GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization.
GRID::Machine provides Remote Procedure Calls (RPC) over SSH for Perl. The client connects to remote hosts to execute code on them. A compromised or malicious remote host can execute arbitrary code back on the client through unsafe deserialization in the RPC protocol.
read_operation() in lib/GRID/Machine/Message.pm deserialises values from the remote side using eval()
$arg .= '$VAR1'; my $val = eval "no strict; $arg"; # line 40-41
$arg is raw bytes from the protocol pipe. A compromised remote host can embed arbitrary perl in the Dumper-formatted response:
$VAR1 = do { system("..."); };
This executes on the client silently on every RPC call, as the return values remain correct.
This functionality is by design but the trust requirement for the remote host is not documented in the distribution.
{
"affected": [],
"aliases": [
"CVE-2026-4851"
],
"database_specific": {
"cwe_ids": [
"CWE-95"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-29T01:15:56Z",
"severity": "CRITICAL"
},
"details": "GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization.\n\nGRID::Machine provides Remote Procedure Calls (RPC) over SSH for Perl. The client connects to remote hosts to execute code on them. A compromised or malicious remote host can execute arbitrary code back on the client through unsafe deserialization in the RPC protocol.\n\nread_operation() in lib/GRID/Machine/Message.pm deserialises values from the remote side using eval()\n\n $arg .= \u0027$VAR1\u0027;\n my $val = eval \"no strict; $arg\"; # line 40-41\n\n$arg is raw bytes from the protocol pipe. A compromised remote host can embed arbitrary perl in the Dumper-formatted response:\n\n $VAR1 = do { system(\"...\"); };\n\nThis executes on the client silently on every RPC call, as the return values remain correct.\n\nThis functionality is by design but the trust requirement for the remote host is not documented in the distribution.",
"id": "GHSA-p6f4-6qxg-8xqv",
"modified": "2026-03-31T21:31:18Z",
"published": "2026-03-29T03:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4851"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2026/03/26/6"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/03/26/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Refactoring
If possible, refactor your code so that it does not need to use eval() at all.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation
- Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180, CWE-181). Make sure that your application does not inadvertently decode the same input twice (CWE-174). Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked. Use libraries such as the OWASP ESAPI Canonicalization control.
- Consider performing repeated canonicalization until your input does not change any more. This will avoid double-decoding and similar scenarios, but it might inadvertently modify inputs that are allowed to contain properly-encoded dangerous content.
Mitigation
For Python programs, it is frequently encouraged to use the ast.literal_eval() function instead of eval, since it is intentionally designed to avoid executing code. However, an adversary could still cause excessive memory or stack consumption via deeply nested structures [REF-1372], so the python documentation discourages use of ast.literal_eval() on untrusted data [REF-1373].
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.