PT-2019-6952 · Red Hat · Zanata

David Jorm · Published 2019-12-03 · Updated 2019-12-05 · CVE-2013-4486

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Zanata versions 3.0.0 through 3.1.2

Description: Expression Language (EL) interpolation in logging allows Remote Code Execution (RCE).

Recommendations: For versions 3.0.0 through 3.1.2, update to a version that fixes the EL interpolation issue in logging to prevent RCE.

Fix

Special Elements Injection


Weakness Enumeration

Related Identifiers

CVE-2013-4486

Affected Products

Zanata