CVE-2020-15167

Опубликовано: 02 сент. 2020

Источник: nvd

CVSS3: 8.2

CVSS3: 8.6

CVSS2: 4.4

EPSS Низкий

Описание

In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious .mlrrc file in the working directory. See linked GitHub Security Advisory for complete details. A fix is ready and will be released as Miller 5.9.1.

Ссылки

https://github.com/johnkerl/miller/security/advisories/GHSA-mw2v-4q78-j2cw
Exploit
Third Party Advisory
https://github.com/johnkerl/miller/security/advisories/GHSA-mw2v-4q78-j2cw
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:johnkerl:miller:5.9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.00119

Низкий

8.2 High

CVSS3

8.6 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-94

CWE-427

Связанные уязвимости

CVE-2020-15167

CVSS3: 8.2

ubuntu

больше 5 лет назад

In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc` file in the working directory. See linked GitHub Security Advisory for complete details. A fix is ready and will be released as Miller 5.9.1.

CVE-2020-15167

CVSS3: 8.2

debian

больше 5 лет назад

In Miller (command line utility) using the configuration file support ...

EPSS

Процентиль: 31%

0.00119

Низкий

8.2 High

CVSS3

8.6 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-94

CWE-427