{"id":"CVE-2023-42658","summary":"InSpec Archive Command Vulnerable to Maliciously Crafted Profile","details":"\nArchive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile.","modified":"2026-05-18T05:55:32.433710434Z","published":"2023-10-31T14:08:03.537Z","database_specific":{"cwe_ids":["CWE-917","CWE-94"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/42xxx/CVE-2023-42658.json","cna_assigner":"ProgressSoftware"},"references":[{"type":"WEB","url":"https://community.chef.io/downloads/tools/inspec?os=windows"},{"type":"ADVISORY","url":"https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Inspec-CVE-2023-42658"},{"type":"ADVISORY","url":"https://docs.chef.io/inspec/cli/"},{"type":"ADVISORY","url":"https://docs.chef.io/release_notes_inspec/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/42xxx/CVE-2023-42658.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42658"},{"type":"PACKAGE","url":"https://github.com/inspec/inspec"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/inspec/inspec","events":[{"introduced":"3ce1a3f4506174074bc7e6b6c11526d9a7bb79ac"},{"fixed":"0eb1d36b0765313ac4eeeefecbeae82e97c44acc"}]}],"versions":["v5.22.28","v5.22.27","v5.22.26","v5.22.25","v5.22.24","v5.22.23","v5.22.22","v5.22.21","v5.22.20","v5.22.19","v5.22.18","v5.22.17","v5.22.16","v5.22.15","v5.22.14","v5.22.13","v5.22.12","v5.22.11","v5.22.10","v5.22.9","v5.22.8","v5.22.7","v5.22.6","v5.22.5","v5.22.4","v5.22.3","v5.22.2","v5.22.1","v5.22.0","v5.21.44","v5.21.43","v5.21.41","v5.21.42","v5.21.40","v5.21.39","v5.21.38","v5.21.37","v5.21.36","v5.21.35","v5.21.34","v5.21.33","v5.21.32","v5.21.31","v5.21.30","v5.21.29","v5.21.28","v5.21.27","v5.21.26","v5.21.25","v5.21.24","v5.21.23","v5.21.22","v5.21.21","v5.21.20","v5.21.19","v5.21.18","v5.21.17","v5.21.16","v5.21.15","v5.21.14","v5.21.13","v5.21.12","v5.21.11","v5.21.10","v5.21.9","v5.21.8","v5.21.7","v5.21.6","v5.21.5","v5.21.4","v5.21.3","v5.21.2","v5.21.1","v5.21.0","v5.20.4","v5.20.3","v5.20.2","v5.20.1","v5.20.0","v5.19.0","v5.18.17","v5.18.16","v5.18.15","v5.18.14","v5.18.13","v5.18.12","v5.18.11","v5.18.10","v5.18.7","v5.18.9","v5.18.8","v5.18.6","v5.18.5","v5.18.4","v5.18.3","v5.18.2","v5.18.1","v5.18.0","v5.17.18","v5.17.17","v5.17.16","v5.17.15","v5.17.14","v5.17.13","v5.17.12","v5.17.11","v5.17.10","v5.17.9","v5.17.8","v5.17.7","v5.17.6","v5.17.5","v5.17.1","v5.17.4","v5.17.3","v5.17.2","v5.17.0","v5.16.2","v5.16.1","v5.16.0","v5.15.2","v5.15.1","v5.14.5","v5.15.0","v5.14.4","v5.14.3","v5.14.2","v5.14.1","v5.13.4","v5.14.0","v5.13.3","v5.13.2","v5.13.1","v5.13.0","v5.12.3","v5.12.0","v5.12.2","v5.12.1","v5.11.0","v5.10.13","v5.10.12","v5.10.11","v5.10.10","v5.10.9","v5.10.8","v5.10.7","v5.10.6","v5.10.5","v5.10.4","v5.10.3","v5.10.2","v5.10.1","v5.10.0","v5.9.0","v5.8.0","v5.7.11","v5.7.10","v5.7.8","v5.7.9","v5.7.7","v5.7.6","v5.7.5","v5.7.4","v5.7.3","v5.7.2","v5.7.1","v5.7.0","v5.6.1","v5.6.0","v5.5.0","v5.4.4","v5.5.3","v5.5.2","v5.5.1","v5.4.3","v5.4.2","v5.4.1","v5.4.0","v5.3.0","v5.2.0","v5.1.6","v5.1.5","v5.1.4","v5.0.5","v5.1.0","v5.1.3","v5.1.2","v5.1.1","v5.0.6","v5.0.3","v5.0.4","v5.0.2","v5.0.1","v5.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-42658.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}