PT-2020-21107 · Softwarex · Softwarex

Published

2020-09-03

·

Updated

2020-09-03

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions SoftwareX version 8.9.4
Description The issue concerns malicious code in the preinstall script of the package, which reads the system's SSH keys but does not upload them to a remote server.
Recommendations Remove the package from your environment.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-506

Related Identifiers

GHSA-725F-3PW7-RQ6X

Affected Products

Softwarex