CVE-2023-40582

Name of the Vulnerable Software and Affected Versions find-exec versions prior to 1.0.3

Description The issue is related to Command Injection, where attackers may run malicious shell commands in the context of the running process due to improper escaping of user input. This can be achieved via an attacker-controlled parameter. As a result, attackers may execute malicious commands, posing a serious threat. For example, an attacker can create a file named "hacked" on the filesystem by exploiting this issue.

Recommendations For versions prior to 1.0.3, users are advised to upgrade to version 1.0.3 to address the issue. Users unable to upgrade should ensure that all input passed to find-exec comes from a trusted source. As a temporary workaround, consider restricting the use of the find-exec utility to prevent attackers from controlling commands. Avoid using untrusted input in the find-exec utility until the issue is resolved.