CVE-2017-12904
8.8HIGHImproper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by craf
게시됨: 8/23/2017업데이트됨: 4/20/2025
설명
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.
AI 분석AI 기반
영향받는 제품
newsbeuternewsbeuter
0.7
newsbeuternewsbeuter
0.8
newsbeuternewsbeuter
0.8.1
newsbeuternewsbeuter
0.8.2
newsbeuternewsbeuter
0.9
newsbeuternewsbeuter
0.9.1
newsbeuternewsbeuter
1.0
newsbeuternewsbeuter
1.1
newsbeuternewsbeuter
1.2
newsbeuternewsbeuter
1.3
newsbeuternewsbeuter
2.0
newsbeuternewsbeuter
2.1
newsbeuternewsbeuter
2.2
newsbeuternewsbeuter
2.3
newsbeuternewsbeuter
2.4
newsbeuternewsbeuter
2.5
newsbeuternewsbeuter
2.6
newsbeuternewsbeuter
2.7
newsbeuternewsbeuter
2.8
newsbeuternewsbeuter
2.9
debiandebian_linux
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
참조
- http://www.debian.org/security/2017/dsa-3947Third Party Advisory
- https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307PatchThird Party Advisory
- https://github.com/akrennmair/newsbeuter/issues/591Issue TrackingThird Party Advisory
- https://groups.google.com/forum/#%21topic/newsbeuter/iFqSE7Vz-DE
- https://usn.ubuntu.com/4585-1/
- http://www.debian.org/security/2017/dsa-3947Third Party Advisory
- https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307PatchThird Party Advisory
- https://github.com/akrennmair/newsbeuter/issues/591Issue TrackingThird Party Advisory
- https://groups.google.com/forum/#%21topic/newsbeuter/iFqSE7Vz-DE
- https://usn.ubuntu.com/4585-1/