Main Vulnerability Database Vulnerabilities #VU130479

Improper Neutralization of Escape, Meta, or Control Sequences in GuardDog - #VU130479

Published: May 7, 2026

Vulnerability identifier: #VU130479

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-150

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
GuardDog

Software vendor:
DataDog

Description

The vulnerability allows a remote attacker to disclose sensitive information and modify terminal or log output.

The vulnerability exists due to improper neutralization of escape sequences in human-readable scan output when rendering attacker-controlled filenames, file locations, messages, and code snippets. A remote attacker can craft malicious package content to disclose sensitive information and modify terminal or log output.

User interaction is required to view the human-readable output, and compatible terminals or CI logs may interpret ANSI or OSC escape sequences.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://github.com/DataDog/guarddog/security/advisories/GHSA-m5p4-gvpx-4mvr

Improper Neutralization of Escape, Meta, or Control Sequences in GuardDog - #VU130479

Description

Remediation

External links

Please verify you're human