VDB

GHSA-5j98-mcp5-4vw2

GHSA-5j98-mcp5-4vw2 PUBLISHED CVSS 7.5 HIGH

glob CLI: Command injection via -c/--cmd executes matches with shell:true

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
csaf_redhatregistry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:64308943c63d677df745451e7a9b9136e23b815c9d1950d6cf46b53859834655_s390x
csaf_redhatregistry.redhat.io/rhoai/odh-kserve-router-rhel9@sha256:605f8418c5c32d9a0936b4563a79fca6eeaef3bba7ca1b6abb91b0b1e84e4dd3_ppc64le
csaf_redhatregistry.redhat.io/rhoai/odh-kserve-storage-initializer-rhel9@sha256:83e3b3a60fc284de9efd3dcf90cf5f744dd24cbc0a27d0d964676d93c8637750_amd64
csaf_redhatregistry.redhat.io/rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9@sha256:8fbb5bf15f7bd12943907a7a8f25288e994b6abdc990daac43402356d1f09caf_amd64
csaf_redhatregistry.redhat.io/openshift-pipelines/pipelines-pruner-controller-rhel9@sha256:7067b2346190b5b6a060c03bf4b4c249a0f80081c05392f5657384b223436fa8_arm64
csaf_redhatregistry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:7185a8f744022307c7a178d35e7ae32d7797eed4f9379b2dba8954e2856f2ed1_amd64
csaf_redhatregistry.redhat.io/rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9@sha256:d99b05c3c886785d07aeb596e6aa67140789cf9c76f29aa837bbbebde35ad503_arm64
csaf_redhatregistry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64
csaf_redhatregistry.redhat.io/devspaces/udi-base-rhel9@sha256:cc54713d9a3f0a44403d9c8d13ae1f9179e2af96b144366b6ae7e753dab4ce70_amd64
csaf_redhatregistry.redhat.io/devspaces/udi-rhel9@sha256:da6e70b4d7cf45da59e36c7741f532d9bfed498a00082560a34491419016c437_arm64
csaf_redhatregistry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:85b7d05d935a5d86fc0695ef7ab7edefd27c2674bd35a4e5997b6ac7bbbaa2a8_arm64
csaf_redhatregistry.redhat.io/rhoai/odh-ta-lmes-job-rhel9@sha256:081478c813d8d7dda1671c1ab3b1c4b2a5a7c2284e656376bdbe799dad16b741_ppc64le
csaf_redhatregistry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:91549345e194052fa0248082962e552ea46548a5981f9975e439791ee1ecbe23_amd64
csaf_redhatregistry.redhat.io/openshift-pipelines/pipelines-events-rhel9@sha256:8736b16bee608eba7c8506963419149631fe93bdf30b71c3785391e01b803ba5_amd64
csaf_redhatregistry.redhat.io/rhoai/odh-guardrails-detector-huggingface-runtime-rhel9@sha256:58b3f92c655e1f6eb35e06fd22e414cfd2a8505afe885d480d0d7c191702ecd5_amd64
csaf_opensuseopa-1.11.0-1.1.ppc64le
csaf_redhatregistry.redhat.io/rhoai/odh-trustyai-vllm-orchestrator-gateway-rhel9@sha256:03fbe59cc2e329d46a68c2bf6910dca8340f94fe653d52d96291ad5d9d6868f7_arm64
csaf_redhatregistry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:26ddaf38319c0ae0e2c82eb51fc79eba9595c3fdfa1c7073679c5b01ef60bb0e_s390x
csaf_redhatregistry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:82354d2dba5f494dc39f2d5e5429d3ca0bac0155f93e1aacec90fcf082e25213_arm64
csaf_redhatregistry.redhat.io/openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9@sha256:1591e38eae1b07ce0fc75a9eb60d97126fb7d36eddd5746686e4570fb1b81427_ppc64le

…and 481 more

Exploit Intelligence

…and 465 more exploits

Timeline

  • CVE Published
  • Feb 28, 2026 Security Advisory
  • Mar 2, 2026 Security Advisory
  • Mar 2, 2026 Security Advisory
  • Mar 2, 2026 Security Advisory
  • Mar 2, 2026 Security Advisory
  • Mar 2, 2026 Security Advisory
  • Mar 2, 2026 Security Advisory
  • Mar 2, 2026 Security Advisory
  • Mar 2, 2026 Security Advisory
  • Mar 2, 2026 Security Advisory
  • Mar 2, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›