CVE-2022-41642: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

December 5, 2022 (updated December 6, 2022)

OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product.

References

github.com/kujirahand/nadesiko3/issues/1325
github.com/kujirahand/nadesiko3/issues/1347
jvn.jp/en/jp/JVN56968681/index.html
nvd.nist.gov/vuln/detail/CVE-2022-41642

Detect and mitigate CVE-2022-41642 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →