CVE-2017-7239

Опубликовано: 10 апр. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename.

Ссылки

http://www.openwall.com/lists/oss-security/2017/04/03/3
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/97325
Third Party Advisory
VDB Entry
https://github.com/dmgerman/ninka/commit/81f185261c8863c5b84344ee31192870be939faf
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/04/03/3
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/97325
Third Party Advisory
VDB Entry
https://github.com/dmgerman/ninka/commit/81f185261c8863c5b84344ee31192870be939faf
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ninka_project:ninka:*:*:*:*:*:*:*:*

Версия до 1.3.0 (включая)

EPSS

Процентиль: 84%

0.02113

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

Связанные уязвимости

CVE-2017-7239

CVSS3: 9.8

debian

почти 9 лет назад

Ninka before 1.3.2 might allow remote attackers to obtain sensitive in ...

GHSA-32f9-rqvx-v6wh

CVSS3: 9.8

github

больше 3 лет назад

Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename.

EPSS

Процентиль: 84%

0.02113

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74