CVE-2017-12904
Source | |
Severity | High |
Remote | Yes |
Type | Arbitrary command execution |
Description | Improper Neutralization of Special Elements used in an OS Command in the bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted shell command execution by crafting an RSS item that includes shell code in its title and/or URL. When the user bookmarks such an item, the shell code is executed. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-401 | newsbeuter | 2.9-7 | 2.9-8 | High | Fixed | |
AVG-384 | newsbeuter | 2.9-6 | 2.9-7 | High | Fixed | |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
16 Sep 2017 | ASA-201709-11 | AVG-401 | newsbeuter | High | arbitrary command execution |
20 Aug 2017 | ASA-201708-15 | AVG-384 | newsbeuter | High | arbitrary code execution |
Notes |
---|
Do not use bookmarking until you apply the fix. See the comment below for details. |