Overview: 1 vulnerability

WSA CVE Score Severity Issue Vulnerability type Scope Versions Fix Release date
WSA-2012-2 CVE-2012-5534 10.0
Remote execution of commands via scripts. Improper input validation API 0.3.0 → 0.3.9.1 0.3.9.2

WSA-2012-2: [API] Remote execution of commands via scripts.

Vulnerability
CVE
CVE-2012-5534 [ MITRE / NVD ]
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (detail)
CVSS score
10.0 / 10
Severity
critical
Vulnerability type
Improper input validation (detail)
Scope
API
Affected versions
0.3.0 → 0.3.9.1
Fixed version
0.3.9.2 () - ChangeLog
Tracker
bug #37764
Commits
Commit
Description
Untrusted command for function hook_process could lead to execution of commands, because of shell expansions (so the problem is only caused by some scripts, not by WeeChat itself).
Mitigation
Remove/unload all scripts calling the API function hook_process.

GitHub Mastodon Diaspora Twitter

Copyright © 2003-2024 Sébastien HelleuAbout WeeChat.org — Theme: dark (light)