Описание
SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| sabnzbdplus | fixed | 3.1.1+dfsg-1 | package | |
| sabnzbdplus | fixed | 2.3.6+dfsg-1+deb10u1 | buster | package |
| sabnzbdplus | end-of-life | stretch | package |
Примечания
https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-9x87-96gg-33w2
https://github.com/sabnzbd/sabnzbd/commit/dfcba6e2fb37f58fea06b453b1ba258c7f110429
https://github.com/sabnzbd/sabnzbd/commit/73d3f7b5c248fc369de3454fe53e3e93924ebfe3
EPSS
Связанные уязвимости
SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system.
SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system.
EPSS