CVE-2023-26107

Name of the Vulnerable Software and Affected Versions sketchsvg versions all

Description The issue is related to Arbitrary Code Injection when invoking shell.exec without proper sanitization or parametrization, specifically while concatenating the current directory as part of the command string. This allows for potential code injection attacks.

Recommendations For all versions, consider disabling the shell.exec function until a patch is available to prevent Arbitrary Code Injection attacks. Restrict access to sensitive directories and ensure proper sanitization and parametrization of command strings to minimize the risk of exploitation.