Lucene search

[email protected]CVE-2013-7416

HistoryDec 03, 2014 - 9:59 p.m.

CVE-2013-7416

2014-12-0321:59:00

CWE-77

[email protected]

web.nvd.nist.gov

cve

2013

7416

canto

curses

guibase.py

remote feed

arbitrary commands

shell metacharacters

url

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.9%

JSON

canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed.

Affected configurations

NVD

Node

cantocanto_cursesRange≤0.9.0alpha5

cantocanto_cursesMatch0.8.4

cantocanto_cursesMatch0.9.0alpha2

cantocanto_cursesMatch0.9.0alpha3

cantocanto_cursesMatch0.9.0alpha4

CPENameOperatorVersion
canto:canto_cursescanto canto cursesle0.9.0
canto:canto_cursescanto canto curseseq0.8.4

CPE	Name	Operator	Version
canto:canto_curses	canto canto curses	le	0.9.0
canto:canto_curses	canto canto curses	eq	0.8.4

References

seclists.org/oss-sec/2014/q4/826

seclists.org/oss-sec/2014/q4/832

www.securityfocus.com/bid/71323

bugs.debian.org/cgi-bin/bugreport.cgi?bug=731582

exchange.xforce.ibmcloud.com/vulnerabilities/98947

github.com/themoken/canto-curses/commit/2817869f98c54975f31e2dd674c1aefa70749cca

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.9%

JSON

Related for CVE-2013-7416

ubuntucve1 prion1 cvelist1 nvd1