CVE-2017-15924 log

Severity High
Remote No
Type Arbitrary command execution
In manager.c in ss-manager in shadowsocks-libev before 3.1.1, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via UDP traffic, related to the add_server, build_config, and construct_command_line functions.
Group Package Affected Fixed Severity Status Ticket
AVG-474 shadowsocks-libev 3.1.0-2 3.1.1-1 High Fixed
Date Advisory Group Package Severity Type
30 Nov 2017 ASA-201711-40 AVG-474 shadowsocks-libev High arbitrary command execution