Описание
Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename.
Ссылки
- ExploitIssue TrackingMitigationPatchVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitIssue TrackingPatchVendor Advisory
- Third Party Advisory
- ExploitIssue TrackingMitigationPatchVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitIssue TrackingPatchVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:freecadweb:freecad:0.19:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
EPSS
Процентиль: 56%
0.00341
Низкий
7.8 High
CVSS3
7.6 High
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 7.8
ubuntu
около 4 лет назад
Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename.
CVSS3: 7.8
debian
около 4 лет назад
Improper sanitization in the invocation of ODA File Converter from Fre ...
CVSS3: 7.8
github
около 4 лет назад
Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename.
EPSS
Процентиль: 56%
0.00341
Низкий
7.8 High
CVSS3
7.6 High
CVSS2
Дефекты
CWE-78