Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-8557

Опубликовано: 08 янв. 2016
Источник: debian

Описание

The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
pygmentsfixed2.0.1+dfsg-2package

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=1276321

  • https://bitbucket.org/birkenfeld/pygments-main/commits/0036ab1c99e256298094505e5e92f

  • https://www.openwall.com/lists/oss-security/2015/12/14/6

Связанные уязвимости

ubuntu логотип

CVE-2015-8557

CVSS3: 9
ubuntu
около 10 лет назад

The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.

redhat логотип

CVE-2015-8557

redhat
больше 10 лет назад

The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.

nvd логотип

CVE-2015-8557

CVSS3: 9
nvd
около 10 лет назад

The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.

github логотип

GHSA-fff8-4w9p-7v76

CVSS3: 9
github
больше 3 лет назад

Command Injection in Pygments