CVE-2017-12904
8.8HIGHImproper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by craf
Опубликовано: 8/23/2017Обновлено: 4/20/2025
Описание
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.
ИИ-АнализНа базе ИИ
Затронутые продукты
newsbeuternewsbeuter
0.7
newsbeuternewsbeuter
0.8
newsbeuternewsbeuter
0.8.1
newsbeuternewsbeuter
0.8.2
newsbeuternewsbeuter
0.9
newsbeuternewsbeuter
0.9.1
newsbeuternewsbeuter
1.0
newsbeuternewsbeuter
1.1
newsbeuternewsbeuter
1.2
newsbeuternewsbeuter
1.3
newsbeuternewsbeuter
2.0
newsbeuternewsbeuter
2.1
newsbeuternewsbeuter
2.2
newsbeuternewsbeuter
2.3
newsbeuternewsbeuter
2.4
newsbeuternewsbeuter
2.5
newsbeuternewsbeuter
2.6
newsbeuternewsbeuter
2.7
newsbeuternewsbeuter
2.8
newsbeuternewsbeuter
2.9
debiandebian_linux
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
Ссылки
- http://www.debian.org/security/2017/dsa-3947Third Party Advisory
- https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307PatchThird Party Advisory
- https://github.com/akrennmair/newsbeuter/issues/591Issue TrackingThird Party Advisory
- https://groups.google.com/forum/#%21topic/newsbeuter/iFqSE7Vz-DE
- https://usn.ubuntu.com/4585-1/
- http://www.debian.org/security/2017/dsa-3947Third Party Advisory
- https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307PatchThird Party Advisory
- https://github.com/akrennmair/newsbeuter/issues/591Issue TrackingThird Party Advisory
- https://groups.google.com/forum/#%21topic/newsbeuter/iFqSE7Vz-DE
- https://usn.ubuntu.com/4585-1/