JVN#72589538: LXR vulnerable to OS command injection

2018-03-29T00:00:00
ID JVN:72589538
Type jvn
Reporter Japan Vulnerability Notes
Modified 2018-03-29T00:00:00

Description

LXR provided by LXR Project contains an OS command injection vulnerability (CWE-78).

## Impact

On a server where the product is running, a remote attacker may execute an arbitrary OS command.

## Solution

*Update the Software*
Update to the latest version according to the information provided by the developer.

## Products Affected

  • LXR version 1.0.0 to 2.3.0