CVE-2021-45844

Опубликовано: 25 янв. 2022

Источник: debian

EPSS Низкий

Описание

Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename.

Пакет	Статус	Версия исправления	Релиз	Тип
freecad	fixed	0.19.4+dfsg1-1		package

Fixed by; https://github.com/FreeCAD/FreeCAD/commit/1742d7ff82af1653253c4a4183c262c9af3b26d6 (master)
Fixed by: https://github.com/FreeCAD/FreeCAD/commit/ad6977f940d3e64d78a4367452d9a338ad43fa1c (0.19.4)
https://tracker.freecad.org/view.php?id=4809

EPSS

Процентиль: 64%

0.00462

Низкий

CVE-2021-45844

CVSS3: 7.8

ubuntu

около 4 лет назад

Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename.

CVE-2021-45844

CVSS3: 7.8

nvd

около 4 лет назад

Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename.

GHSA-344m-62pc-2wvw

CVSS3: 7.8

github

около 4 лет назад

Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename.

EPSS

Процентиль: 64%

0.00462

Низкий