Описание
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | texlive | Not affected | ||
| Red Hat Enterprise Linux 7 | texlive | Will not fix |
Показывать по
10
Дополнительная информация
Статус:
Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1429452texlive: mpost allows to run non-whitelisted external programs
7 High
CVSS3
Связанные уязвимости
CVSS3: 9.8
ubuntu
почти 9 лет назад
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
CVSS3: 9.8
nvd
почти 9 лет назад
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
CVSS3: 9.8
debian
почти 9 лет назад
TeX Live allows remote attackers to execute arbitrary commands by leve ...
CVSS3: 9.8
github
больше 3 лет назад
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
7 High
CVSS3