Fedora 37 : liferea (2023-1ba7a77530)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-1ba7a77530 advisory. Security fix for CVE-2023-1350 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus ha...

CVE-2023-1350

A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function updatejobrun of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date /tmp/bad-item-link.txt leads to os command injection. Th...

Command injection

A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function updatejobrun of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date /tmp/bad-item-link.txt leads to os command injection. Th...

CVE-2023-1350

A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function updatejobrun of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date /tmp/bad-item-link.txt leads to os command injection. Th...

CVE-2023-1350

A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function updatejobrun of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date /tmp/bad-item-link.txt leads to os command injection. Th...

CVE-2023-1350

CVE-2023-1350 affects Liferea’s update_job_run (src/update.c, Feed Enrichment). The input source parameter can be manipulated to execute OS commands (remote, no user interaction). Documents consistently state this leads to remote code execution and that a patch exists; Gentoo/GLSA and OpenSUSE/SU...