Withdrawn Advisory: Thor can construct an unsafe shell command from library input.
High severity
GitHub Reviewed
Published
Jul 20, 2025
to the GitHub Advisory Database
•
Updated Aug 13, 2025
Withdrawn
This advisory was withdrawn on Aug 13, 2025
Description
Published by the National Vulnerability Database
Jul 20, 2025
Published to the GitHub Advisory Database
Jul 20, 2025
Reviewed
Jul 21, 2025
Withdrawn
Aug 13, 2025
Last updated
Aug 13, 2025
Withdrawn Advisory
This advisory has been withdrawn because the method described can only be used with arguments that are controlled by Thor, and an external attacker cannot access the functionality described in the body of the CVE. This link is maintained to preserve external references.
Original Description
Thor before 1.4.0 can construct an unsafe shell command from library input.
References