You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Oct 10, 2019. It is now read-only.
Newsbeuter didn't properly shell-escape the arguments passed to
bookmarking command, which allows a remote attacker to perform remote
code execution by crafting an RSS item whose title and/or URL contain
something interpretable by the shell (most notably subshell
invocations.)
This has been reported by Jeriko One <jeriko.one@gmx.us>, complete with
PoC and a patch.
This vulnerability was assigned CVE-2017-12904.
0 commit comments