Описание
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.
A vulnerability was found in guile's REPL server (--listen), making it vulnerable to HTTP inter-protocol attacks. A crafted website, when visited by a developer with an instance of the REPL server, could cause arbitrary code execution within the guile scheme interpreter.
Отчет
Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | guile | Not affected | ||
| Red Hat Enterprise Linux 6 | guile | Not affected | ||
| Red Hat Enterprise Linux 7 | guile | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
8.3 High
CVSS3
5.1 Medium
CVSS2
Связанные уязвимости
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to e ...
The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.
EPSS
8.3 High
CVSS3
5.1 Medium
CVSS2