CVE-2017-12904
8.8HIGHImproper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by craf
Veröffentlicht: 8/23/2017Aktualisiert: 4/20/2025
Beschreibung
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.
KI-AnalyseKI-gestützt
Betroffene Produkte
newsbeuternewsbeuter
0.7
newsbeuternewsbeuter
0.8
newsbeuternewsbeuter
0.8.1
newsbeuternewsbeuter
0.8.2
newsbeuternewsbeuter
0.9
newsbeuternewsbeuter
0.9.1
newsbeuternewsbeuter
1.0
newsbeuternewsbeuter
1.1
newsbeuternewsbeuter
1.2
newsbeuternewsbeuter
1.3
newsbeuternewsbeuter
2.0
newsbeuternewsbeuter
2.1
newsbeuternewsbeuter
2.2
newsbeuternewsbeuter
2.3
newsbeuternewsbeuter
2.4
newsbeuternewsbeuter
2.5
newsbeuternewsbeuter
2.6
newsbeuternewsbeuter
2.7
newsbeuternewsbeuter
2.8
newsbeuternewsbeuter
2.9
debiandebian_linux
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
Referenzen
- http://www.debian.org/security/2017/dsa-3947Third Party Advisory
- https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307PatchThird Party Advisory
- https://github.com/akrennmair/newsbeuter/issues/591Issue TrackingThird Party Advisory
- https://groups.google.com/forum/#%21topic/newsbeuter/iFqSE7Vz-DE
- https://usn.ubuntu.com/4585-1/
- http://www.debian.org/security/2017/dsa-3947Third Party Advisory
- https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307PatchThird Party Advisory
- https://github.com/akrennmair/newsbeuter/issues/591Issue TrackingThird Party Advisory
- https://groups.google.com/forum/#%21topic/newsbeuter/iFqSE7Vz-DE
- https://usn.ubuntu.com/4585-1/