CVE-2021-45845

Опубликовано: 25 янв. 2022

Источник: debian

EPSS Низкий

Описание

The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
freecad	fixed	0.19.4+dfsg1-1		package
freecad	not-affected		buster	package
freecad	not-affected		stretch	package

Примечания

https://github.com/FreeCAD/FreeCAD/pull/5306
Introduced by: https://github.com/FreeCAD/FreeCAD/commit/dfc4e53f67785841b9bf106a79ccf5a6f7b0d524
Fixed by: https://github.com/FreeCAD/FreeCAD/commit/169eb655f30180b95e5923be2eb3bc4de6e02406 (master)
Fixed by: https://github.com/FreeCAD/FreeCAD/commit/a73f442f88725e08f36a3614e690bdef24c3dee3 (0.19.4)
https://tracker.freecad.org/view.php?id=4810

EPSS

Процентиль: 81%

0.01544

Низкий

Связанные уязвимости

CVE-2021-45845

CVSS3: 7.8

ubuntu

около 4 лет назад

The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.

CVE-2021-45845

CVSS3: 7.8

nvd

около 4 лет назад

The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.

GHSA-pp7p-q5v7-3cr2

CVSS3: 7.8

github

около 4 лет назад

The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.

EPSS

Процентиль: 81%

0.01544

Низкий