9.3

CVE-2017-12904

Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NewsbeuterNewsbeuter Version0.7
NewsbeuterNewsbeuter Version0.8
NewsbeuterNewsbeuter Version0.8.1
NewsbeuterNewsbeuter Version0.8.2
NewsbeuterNewsbeuter Version0.9
NewsbeuterNewsbeuter Version0.9.1
NewsbeuterNewsbeuter Version1.0
NewsbeuterNewsbeuter Version1.1
NewsbeuterNewsbeuter Version1.2
NewsbeuterNewsbeuter Version1.3
NewsbeuterNewsbeuter Version2.0
NewsbeuterNewsbeuter Version2.1
NewsbeuterNewsbeuter Version2.2
NewsbeuterNewsbeuter Version2.3
NewsbeuterNewsbeuter Version2.4
NewsbeuterNewsbeuter Version2.5
NewsbeuterNewsbeuter Version2.6
NewsbeuterNewsbeuter Version2.7
NewsbeuterNewsbeuter Version2.8
NewsbeuterNewsbeuter Version2.9
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.4% 0.928
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-943 Improper Neutralization of Special Elements in Data Query Logic

The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

http://www.debian.org/security/2017/dsa-3947
Third Party Advisory
https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307
Patch
Third Party Advisory
https://github.com/akrennmair/newsbeuter/issues/591
Third Party Advisory
Issue Tracking
https://groups.google.com/forum/#%21topic/newsbeuter/iFqSE7Vz-DE
https://usn.ubuntu.com/4585-1/