Browse all 6 CVE security advisories affecting ash-project. AI-powered Chinese analysis, POCs, and references for each vulnerability.
The ash-project is a Python-based security tool for analyzing shell scripts to detect vulnerabilities and security issues. Historically, it has been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues, as evidenced by its six recorded CVEs. The tool's static analysis approach sometimes fails to properly sanitize input or handle complex shell constructs, leading to potential bypasses. While no major public security incidents have been documented, the consistent discovery of similar vulnerability classes suggests ongoing challenges in accurately parsing diverse shell script syntaxes and ensuring comprehensive security coverage.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-49756 | AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability. — ash_postgresCWE-552 | 5.3 | Medium | 2024-10-23 |
This page lists every published CVE security advisory associated with ash-project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.