PT-2014-3425 · Canto · Canto Curses
The_Walrus_88
·
Published
2014-12-03
·
Updated
2017-09-08
·
CVE-2013-7416
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Canto Curses versions prior to 0.9.0
Description
The issue allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. This is due to a problem in the canto curses/guibase.py file.
Recommendations
For versions prior to 0.9.0, update to version 0.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to feeds from untrusted sources to minimize the risk of exploitation.
Exploit
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Canto Curses