CVE-2022-42496: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

December 5, 2022 (updated February 3, 2023)

OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.

References

github.com/kujirahand/nadesiko3/issues/1325
github.com/kujirahand/nadesiko3/issues/1347
jvn.jp/en/jp/JVN56968681/index.html
nvd.nist.gov/vuln/detail/CVE-2022-42496

Detect and mitigate CVE-2022-42496 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →