説明
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.
AI分析AIによる分析
影響を受ける製品
newsbeuternewsbeuter
0.7
newsbeuternewsbeuter
0.8
newsbeuternewsbeuter
0.8.1
newsbeuternewsbeuter
0.8.2
newsbeuternewsbeuter
0.9
newsbeuternewsbeuter
0.9.1
newsbeuternewsbeuter
1.0
newsbeuternewsbeuter
1.1
newsbeuternewsbeuter
1.2
newsbeuternewsbeuter
1.3
newsbeuternewsbeuter
2.0
newsbeuternewsbeuter
2.1
newsbeuternewsbeuter
2.2
newsbeuternewsbeuter
2.3
newsbeuternewsbeuter
2.4
newsbeuternewsbeuter
2.5
newsbeuternewsbeuter
2.6
newsbeuternewsbeuter
2.7
newsbeuternewsbeuter
2.8
newsbeuternewsbeuter
2.9
debiandebian_linux
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
参照
- http://www.debian.org/security/2017/dsa-3947Third Party Advisory
- https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307PatchThird Party Advisory
- https://github.com/akrennmair/newsbeuter/issues/591Issue TrackingThird Party Advisory
- https://groups.google.com/forum/#%21topic/newsbeuter/iFqSE7Vz-DE
- https://usn.ubuntu.com/4585-1/
- http://www.debian.org/security/2017/dsa-3947Third Party Advisory
- https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307PatchThird Party Advisory
- https://github.com/akrennmair/newsbeuter/issues/591Issue TrackingThird Party Advisory
- https://groups.google.com/forum/#%21topic/newsbeuter/iFqSE7Vz-DE
- https://usn.ubuntu.com/4585-1/