Product
high
advisory
Evolver Path Traversal Vulnerability in `fetch` Command
2 rules, 2 TTPs
A path traversal vulnerability exists in the `fetch` command of `@evomap/evolver` due to insufficient validation of the `--out` flag. It allows attackers to write files to arbitrary locations on the filesystem, potentially overwriting critical system files and leading to privilege escalation.
@evomap/evolver
path-traversal
arbitrary-file-write
privilege-escalation
evolver
critical
advisory
Evolver Remote Code Execution via Command Injection in `_extractLLM()`
2 rules, 1 TTP
A command injection vulnerability in the `_extractLLM()` function of the evolver application allows remote attackers to execute arbitrary shell commands by injecting shell metacharacters into the `corpus` parameter, leading to potential system compromise.
@evomap/evolver
command-injection
rce
evolver