CVE-2017-12904

Name of the Vulnerable Software and Affected Versions Newsbeuter versions 0.7 through 2.9

Description The issue is related to improper neutralization of special elements used in an OS command in the bookmarking function. This allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.

Recommendations For Newsbeuter versions 0.7 through 2.9, consider disabling the bookmarking function until a patch is available to prevent exploitation. Restrict access to RSS items that may contain malicious shell code to minimize the risk of code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.