Advisory GHSA-p3qf-84rg-jxfc references a vulnerability in the following Go modules:

| Module |
| --- |
| github.com/OliveTin/OliveTin |

Description:
OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go.
References:
- ADVISORY: GHSA-p3qf-84rg-jxfc
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-50946
- WEB: https://github.com/OliveTin/OliveTin
- WEB: https://github.com/OliveTin/OliveTin/blob/8c073bf45fca6c6eda4e8a9feb182433277343ee/service/internal/executor/arguments.go#L211
- WEB: https://github.com/chrisWalker11/Cves/blob/main/CVE-2025-50946/CVE-2025-50946.md
No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.
```yaml
id: GO-ID-PENDING
modules:
    - module: github.com/OliveTin/OliveTin
      vulnerable_at: 0.0.0-20250807230716-c526fa323e10
summary: OliveTin OS Command Injection vulnerability in github.com/OliveTin/OliveTin
cves:
    - CVE-2025-50946
ghsas:
    - GHSA-p3qf-84rg-jxfc
references:
    - advisory: https://github.com/advisories/GHSA-p3qf-84rg-jxfc
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-50946
    - web: https://github.com/OliveTin/OliveTin
    - web: https://github.com/OliveTin/OliveTin/blob/8c073bf45fca6c6eda4e8a9feb182433277343ee/service/internal/executor/arguments.go#L211
    - web: https://github.com/chrisWalker11/Cves/blob/main/CVE-2025-50946/CVE-2025-50946.md
source:
    id: GHSA-p3qf-84rg-jxfc
    created: 2025-08-14T00:01:12.831976938Z
review_status: UNREVIEWED
```