Описание
Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to `ssh-add`. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management console.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| weblate | itp | package |
EPSS
Процентиль: 2%
0.00012
Низкий
Связанные уязвимости
CVSS3: 6.6
nvd
около 1 месяца назад
Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to `ssh-add`. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management console.
CVSS3: 6.6
github
около 1 месяца назад
Weblate has an argument injection in management console
EPSS
Процентиль: 2%
0.00012
Низкий