CVE-2017-12904
8.8HIGHImproper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by craf
Published: 8/23/2017Updated: 4/20/2025
Description
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.
AI AnalysisPowered by AI
Affected Products
newsbeuternewsbeuter
0.7
newsbeuternewsbeuter
0.8
newsbeuternewsbeuter
0.8.1
newsbeuternewsbeuter
0.8.2
newsbeuternewsbeuter
0.9
newsbeuternewsbeuter
0.9.1
newsbeuternewsbeuter
1.0
newsbeuternewsbeuter
1.1
newsbeuternewsbeuter
1.2
newsbeuternewsbeuter
1.3
newsbeuternewsbeuter
2.0
newsbeuternewsbeuter
2.1
newsbeuternewsbeuter
2.2
newsbeuternewsbeuter
2.3
newsbeuternewsbeuter
2.4
newsbeuternewsbeuter
2.5
newsbeuternewsbeuter
2.6
newsbeuternewsbeuter
2.7
newsbeuternewsbeuter
2.8
newsbeuternewsbeuter
2.9
debiandebian_linux
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
References
- http://www.debian.org/security/2017/dsa-3947Third Party Advisory
- https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307PatchThird Party Advisory
- https://github.com/akrennmair/newsbeuter/issues/591Issue TrackingThird Party Advisory
- https://groups.google.com/forum/#%21topic/newsbeuter/iFqSE7Vz-DE
- https://usn.ubuntu.com/4585-1/
- http://www.debian.org/security/2017/dsa-3947Third Party Advisory
- https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307PatchThird Party Advisory
- https://github.com/akrennmair/newsbeuter/issues/591Issue TrackingThird Party Advisory
- https://groups.google.com/forum/#%21topic/newsbeuter/iFqSE7Vz-DE
- https://usn.ubuntu.com/4585-1/