Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
PR:L for a GitHub account able to file a PR; AC:H and UI:R because a maintainer must be social-engineered into merging; S:C as code executes in the trusted CI runner context.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands by inserting shell metacharacters into the version or changes fields of patchNotesData.json, which are interpolated unsanitized into a child_process.execSync() call in the release.yml workflow. Attackers can have a malicious pull request merged to trigger the GitHub Actions runner with contents write permissions and access to GITHUB_TOKEN.
AnalysisAI
Command injection in KanaDojo's GitHub Actions release workflow (release.yml) allows attackers who can land a pull request to execute arbitrary commands on the repository's CI runner. The version and changes fields of patchNotesData.json are interpolated unsanitized into a child_process.execSync() call, granting any merged malicious PR access to GITHUB_TOKEN and contents:write permissions. No public exploit identified at time of analysis, but the supply-chain blast radius is significant for downstream KanaDojo consumers.
Technical ContextAI
The root cause is CWE-78 (Improper Neutralization of Special Elements used in an OS Command). The vulnerable component is the project's GitHub Actions release.yml workflow, which reads attacker-controllable JSON content (patchNotesData.json) and concatenates it directly into a Node.js child_process.execSync() shell invocation. Because execSync runs the resulting string through /bin/sh, shell metacharacters (;, backticks, $(), |, &&) embedded in the JSON fields are interpreted rather than treated as data. The affected CPE is cpe:2.3:a:lingdojo:kana-dojo (all versions prior to the v0.1.18 release tag).
RemediationAI
Upgrade to KanaDojo v0.1.18 or later, which corresponds to the upstream fix referenced at https://github.com/lingdojo/kana-dojo/releases/tag/v0.1.18 (vendor-released patch: 0.1.18). If immediate upgrade is not possible, replace the vulnerable execSync() interpolation in release.yml with execFile() or spawn() using an argument array so that JSON values cannot be parsed as shell syntax, or load and pass patchNotesData.json values exclusively through environment variables consumed by a parameterized script. Operationally, require maintainer review of any PR that touches patchNotesData.json or workflow files, restrict workflow_run / pull_request_target triggers, and scope GITHUB_TOKEN permissions to the minimum required (set permissions: contents: read where possible) - note the trade-off that tightening permissions may break legitimate release automation that relies on contents:write.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36284
GHSA-g3g7-r6qj-455p