CVE-2021-45845

Опубликовано: 25 янв. 2022

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.

Ссылки

https://github.com/FreeCAD/FreeCAD/pull/5306
Patch
Vendor Advisory
https://tracker.freecad.org/view.php?id=4810
Exploit
Issue Tracking
Patch
Vendor Advisory
https://www.debian.org/security/2022/dsa-5229
Third Party Advisory
https://github.com/FreeCAD/FreeCAD/pull/5306
Patch
Vendor Advisory
https://tracker.freecad.org/view.php?id=4810
Exploit
Issue Tracking
Patch
Vendor Advisory
https://www.debian.org/security/2022/dsa-5229
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:freecadweb:freecad:0.19:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02154

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-78

Связанные уязвимости

CVE-2021-45845

CVSS3: 7.8

ubuntu

около 4 лет назад

The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.

CVE-2021-45845

CVSS3: 7.8

debian

около 4 лет назад

The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS comma ...

GHSA-pp7p-q5v7-3cr2

CVSS3: 7.8

github

около 4 лет назад

The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.

EPSS

Процентиль: 84%

0.02154

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-78