CVE-2025-8022 Information
Jul 24, 2025
Description
All versions of the package bun are vulnerable to Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) in the $ shell API due to improper neutralization of user input. An attacker can exploit this by providing specially crafted input that includes command-line arguments or shell metacharacters, leading to unintended command execution.
Reference
https://gist.github.com/lirantal/9780d664037f29d5277d7b2bc569d213
https://security.snyk.io/vuln/SNYK-JS-BUN-9510752
Related CNNVD
CNNVD-202507-2974 (Published: 2025-07-23)