Описание
Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."
A flaw was found in Thor, where it improperly constructs shell commands using data derived from libraries. This flaw allows a local attacker to execute arbitrary commands. Command execution occurs when processing specially crafted library input.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | 3scale-amp2/zync-rhel8 | Fix deferred | ||
| Red Hat 3scale API Management Platform 2 | 3scale-amp2/zync-rhel9 | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
2.8 Low
CVSS3
Связанные уязвимости
Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."
Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."
Thor before 1.4.0 can construct an unsafe shell command from library i ...
Withdrawn Advisory: Thor can construct an unsafe shell command from library input.
2.8 Low
CVSS3