PT-2025-22412 · Ejson2Env

Published: 2025-05-21 · Updated: 2025-05-26 · CVE-2025-48069
CVSS v3.1: 6.6 (Medium)
Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ejson2env versions prior to 2.0.8

Description: The issue stems from inadequate output sanitization in the ejson2env tool, which can lead to command injection. When variable names or values contain malicious content, unintended commands end up in the tool's stdout. If that output is then evaluated or executed without further checks, an attacker could execute arbitrary commands on the host system.

Recommendations: For versions prior to 2.0.8, update to version 2.0.8, which sanitizes output during decryption. As a temporary workaround, avoid using ejson2env to decrypt untrusted user secrets, and do not evaluate or execute ejson2env output directly without first removing nonprintable characters.
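A hardened exporter of the kind the fix and the workaround call for, as an added example that is not ejson2env's own code: it assumes the decrypted secrets are available as a name/value mapping (the `environment` object of an ejson file), rejects names that are not shell identifiers and values containing nonprintable characters, and shell-quotes what remains so the result is safe to eval. The sample secrets are constructed for this example.

```python
import shlex

# Shell identifier rule for environment variable names: ASCII letters, digits
# and underscore, not starting with a digit. Anything else (spaces, ';', '$',
# ...) is rejected rather than "cleaned", so a name can never carry shell syntax.
def is_valid_name(name: str) -> bool:
    return (
        name != ""
        and name.isascii()
        and (name[0].isalpha() or name[0] == "_")
        and all(ch.isalnum() or ch == "_" for ch in name)
    )

def is_printable_value(value: str) -> bool:
    # str.isprintable() is False for '\n', '\t', '\x1b' and other control
    # characters: exactly the ones that could start a second command in
    # eval'd output or smuggle a terminal escape sequence.
    return value.isprintable()

def build_export_script(secrets: dict[str, str]) -> tuple[list[str], list[tuple[str, str]]]:
    """Turn a name/value mapping into 'export NAME=value' lines that are safe to eval.

    Returns (safe_lines, rejected); rejected holds (name, reason) pairs.
    Values are quoted with shlex.quote, so quotes, spaces and '$' inside a
    secret cannot break out of the assignment.
    """
    safe_lines, rejected = [], []
    for name in sorted(secrets):  # sorted: deterministic output
        value = secrets[name]
        if not is_valid_name(name):
            rejected.append((name, "invalid name"))
        elif not is_printable_value(value):
            rejected.append((name, "non-printable value"))
        else:
            safe_lines.append(f"export {name}={shlex.quote(value)}")
    return safe_lines, rejected

# Constructed sample: two legitimate secrets plus two entries shaped like the
# advisory's "variable names or values contain malicious content".
SAMPLE_SECRETS = {
    "DATABASE_URL": "postgres://app:s3cr3t@db/app",
    "API_KEY": "it's a key",             # the quote must be escaped, not end the assignment
    "BAD NAME; echo injected": "x",      # not an identifier: would become a second command
    "TOKEN": "abc\necho injected",       # newline: the remainder would run as a second command
}

if __name__ == "__main__":
    lines, rejected = build_export_script(SAMPLE_SECRETS)
    print("\n".join(lines))
    for name, reason in rejected:
        print(f"# rejected {name!r}: {reason}")
```

Pipe only the returned safe lines into eval; a non-empty rejected list is the signal that the secrets file itself needs review.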

Weakness Enumeration: OS Command Injection

Related Identifiers:

CVE-2025-48069
GHSA-2C47-M757-32G6
GO-2025-3702
OPENSUSE-SU-2025:15159-1

Affected Products: Ejson2Env