Path Traversal in Clasp impacting versions < 3.2.0 allows a remote attacker to perform remote code execution via a malicious Google Apps Script project containing specially crafted filenames with directory traversal sequences.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://github.com/google/clasp/pull/1109 |
Configurations
No configuration.
History
13 Mar 2026, 19:55
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-03-13 19:55
Updated : 2026-03-13 19:55
NVD link : CVE-2026-4092
Mitre link : CVE-2026-4092
CVE.ORG link : CVE-2026-4092
JSON object : View
Products Affected
No product.
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')