Description
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI.
References (1)
Core 1
Core References
Product product
https://github.com/zowe/imperative/
Scores
CVSS v3
3.3
EPSS
0.0004
EPSS Percentile
11.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
Status
published
Products (2)
linuxfoundation/zowe
1.16.0 - 1.28.2
zowe/imperative
5.0.0 - 5.7.1npm
Published
Mar 01, 2023
Tracked Since
Feb 18, 2026