AVG-474

Package shadowsocks-libev
Status Fixed
Severity High
Type arbitrary command execution
Affected 3.1.0-2
Fixed 3.1.1-1
Current 3.2.0-2 [community]
Ticket None
Created Fri Oct 27 18:35:46 2017
Issue Severity Remote Type Description
CVE-2017-15924 High No Arbitrary command execution
In manager.c in ss-manager in shadowsocks-libev before 3.1.1, improper parsing allows command injection via shell metacharacters in a JSON configuration...
Date Advisory Package Description
30 Nov 2017 ASA-201711-40 shadowsocks-libev arbitrary command execution