PT-2018-6070 · Growl · Growl

Evilpacket

+1

·

Published

2018-06-04

·

Updated

2019-10-09

·

CVE-2017-16042

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: growl versions prior to 1.10.2
Description: The issue allows for arbitrary command execution due to improper input sanitization before passing it to a shell command.
Recommendations: Update to version 1.10.2 or later.

Fix

Code Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-78

Related Identifiers

AZL-44547
CVE-2017-16042
GHSA-QH2H-CHJ9-JFFQ

Affected Products

Growl