PT-2017-2775 · Newsbeuter+3 · Newsbeuter+3

Jeriko One

Published

2017-08-18

Updated

2020-10-21

CVE-2017-12904

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Newsbeuter versions 0.7 through 2.9

Description The issue is related to improper neutralization of special elements used in an OS command in the bookmarking function. This allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.

Recommendations For Newsbeuter versions 0.7 through 2.9, consider disabling the bookmarking function until a patch is available to prevent exploitation. Restrict access to RSS items that may contain malicious shell code to minimize the risk of code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-943

Related Identifiers

ALT-PU-2017-2368

BDU:2017-02033

CVE-2017-12904

DLA-1061-1

DSA-3947-1

OPENSUSE-SU-2018_0166-1

USN-4585-1

Affected Products

Alt Linux

Newsbeuter

Suse

Ubuntu

PT-2017-2775 · Newsbeuter+3 · Newsbeuter+3

CVE-2017-12904

Weakness Enumeration

Related Identifiers

Affected Products

References · 18