Code injection in dye template expressions_CVE-2026-35197

6.6 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Description

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1.

Basic Information

ID CVE-2026-35197

Source GitHub_M

Published Apr 6, 2026 at 19:39

Modified Apr 7, 2026 at 16:11

Affected Product

Vendor mattieb

Product dye

Version < 1.1.1

Affected Versions mattieb dye < 1.1.1

CWE Classification

CWE-94

References

{
    "lastseen": "",
    "description": "dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1.",
    "published": "2026-04-06T19:39:23.095Z",
    "modified": "2026-04-07T16:11:34.861Z",
    "type": "cve",
    "title": "Code injection in dye template expressions",
    "source": "GitHub_M",
    "references": "https://github.com/mattieb/dye/security/advisories/GHSA-3v4r-5vfh-3wjr\nhttps://mattiebee.io/dye-template-advisory",
    "id": "CVE-2026-35197",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "mattieb dye < 1.1.1",
    "sourceHref": "",
    "cvss": {
        "score": 6.6,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "dye",
    "version": "< 1.1.1",
    "vendor": "mattieb",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}