Adding VuXML record for vulnerability CVE-2017-15924 in net/shadowsocks-libev.
D14200 (part I). The next commit will update net/shadowsocks-libev and fix this vulnerability. PR: 225442 Submitted by: myself Approved by: adamw (mentor) Differential Revision: https://reviews.freebsd.org/D14200
This commit is contained in:
parent
c34cc9da29
commit
575834304a
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=460961
@ -58,6 +58,32 @@ Notes:
|
||||
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
|
||||
-->
|
||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||
<vuln vid="3746de31-0a1a-11e8-83e7-485b3931c969">
|
||||
<topic> shadowsocks-libev -- command injection via shell metacharacters </topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>shadowsocks-libev</name>
|
||||
<range><ge>3.1.0</ge><lt>3.1.1</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>MITRE reports:</p>
|
||||
<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15924">
|
||||
<p>Improper parsing allows command injection via shell metacharacters in
|
||||
a JSON configuration request received via 127.0.0.1 UDP traffic.</p>
|
||||
</blockquote>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<url>https://nvd.nist.gov/vuln/detail/CVE-2017-15924</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2017-10-27</discovery>
|
||||
<entry>2018-02-05</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="5044bd23-08cb-11e8-b08f-00012e582166">
|
||||
<topic>palemoon -- multiple vulnerabilities</topic>
|
||||
<affects>
|
||||
|
Loading…
Reference in New Issue
Block a user