Описание
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 2.7.0+bzr6622-6ubuntu1 |
| devel | released | 2.7.0+bzr6622-6ubuntu1 |
| esm-infra-legacy/trusty | released | 2.6.0+bzr6593-1ubuntu1.6 |
| esm-infra/xenial | released | 2.7.0-2ubuntu3.1 |
| precise/esm | not-affected | 2.5.1-0ubuntu2.1 |
| trusty | released | 2.6.0+bzr6593-1ubuntu1.6 |
| trusty/esm | released | 2.6.0+bzr6593-1ubuntu1.6 |
| upstream | needs-triage | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 2.7.0-2ubuntu3.1 |
Показывать по
EPSS
9.3 Critical
CVSS2
8.8 High
CVSS3
Связанные уязвимости
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands
Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attac ...
EPSS
9.3 Critical
CVSS2
8.8 High
CVSS3