Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-n4yp-ukdm-tkaz
Vulnerability ID VCID-n4yp-ukdm-tkaz
Aliases CVE-2023-40582
GHSA-95rp-6gqp-6622
Summary find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This issue has been addressed in version 1.0.3. users are advised to upgrade. Users unable to upgrade should ensure that all input passed to find-exec comes from a trusted source.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.05116 https://api.first.org/data/v1/epss?cve=CVE-2023-40582
epss 0.05116 https://api.first.org/data/v1/epss?cve=CVE-2023-40582
epss 0.05116 https://api.first.org/data/v1/epss?cve=CVE-2023-40582
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-95rp-6gqp-6622
cvssv3.1 9.8 https://github.com/shime/find-exec
generic_textual CRITICAL https://github.com/shime/find-exec
cvssv3.1 9.8 https://github.com/shime/find-exec/commit/74fb108097c229b03d6dba4cce81e36aa364b51c
generic_textual CRITICAL https://github.com/shime/find-exec/commit/74fb108097c229b03d6dba4cce81e36aa364b51c
ssvc Track https://github.com/shime/find-exec/commit/74fb108097c229b03d6dba4cce81e36aa364b51c
cvssv3.1 9.8 https://github.com/shime/find-exec/security/advisories/GHSA-95rp-6gqp-6622
cvssv3.1_qr CRITICAL https://github.com/shime/find-exec/security/advisories/GHSA-95rp-6gqp-6622
generic_textual CRITICAL https://github.com/shime/find-exec/security/advisories/GHSA-95rp-6gqp-6622
ssvc Track https://github.com/shime/find-exec/security/advisories/GHSA-95rp-6gqp-6622
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2023-40582
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2023-40582
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-40582
https://github.com/shime/find-exec
https://nvd.nist.gov/vuln/detail/CVE-2023-40582
74fb108097c229b03d6dba4cce81e36aa364b51c https://github.com/shime/find-exec/commit/74fb108097c229b03d6dba4cce81e36aa364b51c
GHSA-95rp-6gqp-6622 https://github.com/advisories/GHSA-95rp-6gqp-6622
GHSA-95rp-6gqp-6622 https://github.com/shime/find-exec/security/advisories/GHSA-95rp-6gqp-6622
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/shime/find-exec
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/shime/find-exec/commit/74fb108097c229b03d6dba4cce81e36aa364b51c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-01T18:13:32Z/ Found at https://github.com/shime/find-exec/commit/74fb108097c229b03d6dba4cce81e36aa364b51c
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/shime/find-exec/security/advisories/GHSA-95rp-6gqp-6622
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-01T18:13:32Z/ Found at https://github.com/shime/find-exec/security/advisories/GHSA-95rp-6gqp-6622
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-40582
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.90057
EPSS Score 0.05116
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:29:41.530442+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2023/40xxx/CVE-2023-40582.json 38.6.0