CVE-2017-9274

Опубликовано: 01 мар. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 9.3

EPSS Низкий

Описание

A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opensuse:obs-service-source_validator:*:*:*:*:*:*:*:*

Версия до 0.7 (исключая)

EPSS

Процентиль: 64%

0.00474

Низкий

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

CVE-2017-9274

CVSS3: 7.8

ubuntu

почти 8 лет назад

A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.

CVE-2017-9274

CVSS3: 7.8

debian

почти 8 лет назад

A shell command injection in the obs-service-source_validator before 0 ...

GHSA-rmgp-j5rm-7ghv

CVSS3: 7.8

github

больше 3 лет назад

A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.

openSUSE-SU-2017:3259-1

suse-cvrf

около 8 лет назад

Security update for the OBS toolchain

SUSE-SU-2018:0065-1

suse-cvrf

около 8 лет назад

Fixing security issues on OBS toolchain

EPSS

Процентиль: 64%

0.00474

Низкий

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-78