Описание
Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management console.
Уязвимые конфигурации
Конфигурация 1Версия до 5.16 (исключая)
cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*
EPSS
Процентиль: 2%
0.00012
Низкий
6.6 Medium
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-88
Связанные уязвимости
CVSS3: 6.6
debian
около 1 месяца назад
Weblate is a web based localization tool. Prior to 5.16.0, the SSH man ...
CVSS3: 6.6
github
около 1 месяца назад
Weblate has an argument injection in management console
EPSS
Процентиль: 2%
0.00012
Низкий
6.6 Medium
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-88