PT-2025-30525 · Bun · Bun

Liran Tal · Published 2025-07-23 · Updated 2025-08-14 · CVE-2025-8022

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: bun (affected versions not specified)
Description: The package is susceptible to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') within Bun's shell API. The cause is insufficient neutralization of user-supplied input before it reaches the shell. An attacker who can get specially crafted input containing extra command-line arguments or shell metacharacters into a shell API call can cause commands the application never intended to run. The vector (PR:N, UI:R) reflects that no privileges are required but the malicious input has to be supplied through some interaction with the application.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability; check the related GHSA-4J66-8F4R-3PJX entry for an updated fixed-version range. Until a fixed release is confirmed, do not pass untrusted input into the shell API, and where an external command must be run with user-controlled values, pass them as separate arguments rather than as part of a command string.

Weakness Enumeration

OS Command Injection (CWE-78)

Related Identifiers

CVE-2025-8022
GHSA-4J66-8F4R-3PJX

Affected Products

Bun