Metric | Value |
---|---|
CVSS2 | 6.8 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS | 0.013 Low |
EPSS Percentile | 85.7% |

The open-in-browser command in newsbeuter before 1.1 allows remote
attackers to execute arbitrary commands via shell metacharacters in a feed
URL.

Author | Note |
---|---|
jdstrand | per Debian: versions < 1.0-1 didn’t include a patch to wrap long article URLs so the crafted part of the URL can be hidden. This of course only affects people not reading articles in the built-in reader. |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | newsbeuter | < 0.7-1ubuntu0.1 | UNKNOWN |
ubuntu | 8.10 | noarch | newsbeuter | < 0.9.1-1+lenny3 | UNKNOWN |