Skip to content

[GHSA-5j98-mcp5-4vw2] glob@10.4.5: Command injection via -c/--cmd #110

New issue
New issue
Open
Open
[GHSA-5j98-mcp5-4vw2] glob@10.4.5: Command injection via -c/--cmd#110
Labels
securitySecurity-related issuesvulnerabilityDependency vulnerability
@nthmost-orkes

Description

@nthmost-orkes
nthmost-orkes
opened on Feb 27, 2026

Vulnerability Report

CVE Library Installed Fixed
GHSA-5j98-mcp5-4vw2 glob 10.4.5 10.5.0

Summary

glob CLI: Command injection via -c/--cmd executes matches with shell:true.

References

Metadata

Metadata

Assignees

No one assigned

    Labels

    securitySecurity-related issuesvulnerabilityDependency vulnerability

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions