{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46937?format=json","vulnerability_id":"VCID-uhup-k3jd-1bgq","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in PowerShell.","aliases":[{"alias":"GHSA-jcmq-5rrv-j2g4"},{"alias":"GMS-2024-88"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59840?format=json","purl":"pkg:nuget/PowerShell@7.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-35e6-fjfc-p3h1"},{"vulnerability":"VCID-5fcr-6vvj-63ds"},{"vulnerability":"VCID-5g81-47aw-cufw"},{"vulnerability":"VCID-knv1-ccs2-z3h9"},{"vulnerability":"VCID-me5j-8vrk-qbcs"},{"vulnerability":"VCID-xj2e-wyk5-jub6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/PowerShell@7.0.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/712829?format=json","purl":"pkg:nuget/PowerShell@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uhup-k3jd-1bgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/PowerShell@1.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/712830?format=json","purl":"pkg:nuget/PowerShell@6.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uhup-k3jd-1bgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/PowerShell@6.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/712831?format=json","purl":"pkg:nuget/PowerShell@6.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uhup-k3jd-1bgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/PowerShell@6.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/712832?format=json","purl":"pkg:nuget/PowerShell@6.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uhup-k3jd-1bgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/PowerShell@6.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/712833?format=json","purl":"pkg:nuget/PowerShell@6.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uhup-k3jd-1bgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/PowerShell@6.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/712834?format=json","purl":"pkg:nuget/PowerShell@6.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uhup-k3jd-1bgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/PowerShell@6.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/712835?format=json","purl":"pkg:nuget/PowerShell@6.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-uhup-k3jd-1bgq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/PowerShell@6.2.7"}],"references":[{"reference_url":"https://github.com/advisories/GHSA-jcmq-5rrv-j2g4","reference_id":"GHSA-jcmq-5rrv-j2g4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jcmq-5rrv-j2g4"},{"reference_url":"https://github.com/PowerShell/PowerShell/security/advisories/GHSA-jcmq-5rrv-j2g4","reference_id":"GHSA-jcmq-5rrv-j2g4","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/PowerShell/PowerShell/security/advisories/GHSA-jcmq-5rrv-j2g4"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":78,"name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","description":"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uhup-k3jd-1bgq"}