PT-2010-4025 · Freeciv · Freeciv

Moritz Muehlenhoff · Published 2010-07-07 · Updated 2021-06-30 · CVE-2010-2445

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

freeciv versions 2.2 through 2.2.1 and versions 2.3 through 2.3.0, but not including 2.3.0

Description

The issue allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality. This is related to various Lua modules or functions, including os, io, package, dofile, loadfile, loadlib, module, and require.

Recommendations

For freeciv versions 2.2 through 2.2.1, update to version 2.2.1 or later. For freeciv versions 2.3 through 2.3.0, but not including 2.3.0, update to version 2.3.0 or later.
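
The description names the Lua globals that a scenario script could reach. As an added example (not Freeciv's code and not part of the advisory), the Python below flags references to those names in Lua script text, assuming the script has already been extracted from the scenario file; `RISKY`, `find_risky_calls` and the sample script are constructed for illustration.

```python
import re

# Lua globals named in the advisory description.
RISKY = {"os", "io", "package", "dofile", "loadfile", "loadlib", "module", "require"}

# One alternative per Lua lexical element. Comments and strings are matched
# first so that names appearing inside them are consumed and never reported.
TOKEN = re.compile(r"""
    --\[(=*)\[.*?\]\1\]          # long comment
  | --[^\n]*                     # line comment
  | \[(=*)\[.*?\]\2\]            # long string
  | "(?:\\.|[^"\\\n])*"          # double-quoted string
  | '(?:\\.|[^'\\\n])*'          # single-quoted string
  | (?P<name>[A-Za-z_][A-Za-z0-9_]*(?:\s*[.:]\s*[A-Za-z_][A-Za-z0-9_]*)*)
""", re.S | re.X)


def find_risky_calls(lua_source):
    """Return (line, reference) pairs, in source order, whose root name is in RISKY."""
    hits = []
    for m in TOKEN.finditer(lua_source):
        ref = m.group("name")
        if ref is None:  # a comment or string literal was matched: skip it
            continue
        # Only the root of a dotted chain is a global: settings.os is a field.
        root = re.split(r"[.:]", ref, maxsplit=1)[0].strip()
        if root in RISKY:
            line = lua_source.count("\n", 0, m.start()) + 1
            hits.append((line, re.sub(r"\s+", "", ref)))
    return hits


# Constructed sample script (not taken from any real scenario).
SAMPLE = '''\
-- constructed scenario script: os.time() in a comment is ignored
function turn_started(turn, year)
  local note = "io.open in a string is ignored"
  local f = io.open("notes.txt", "r")
  local helper = require("helper")
  local t = settings.os
end
--[[ dofile("x.lua") inside a long comment is ignored ]]
'''

if __name__ == "__main__":
    for line, ref in find_risky_calls(SAMPLE):
        print(f"line {line}: {ref}")
```

A textual scan like this only helps triage untrusted scenario files; it does not replace the update given in the recommendations.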

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2010-2445

Affected Products

Freeciv