Lucene search

K

MitreCVELIST:CVE-2019-13640

HistoryJul 17, 2019 - 9:07 p.m.

CVE-2019-13640

2019-07-1721:07:47

mitre

www.cve.org

9.6 High

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed.

References

lists.opensuse.org/opensuse-security-announce/2019-08/msg00080.html

lists.opensuse.org/opensuse-security-announce/2019-08/msg00085.html

github.com/qbittorrent/qBittorrent/issues/10925

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5T4XAX2VUI4WMAS5AI4OE3OEQSQCDCF5/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH3WYCKODG4OKMC4S6PWHLHAWWU6ORNC/

www.debian.org/security/2020/dsa-4650

9.6 High

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

Related for CVELIST:CVE-2019-13640

debian2 nessus4 suse2 ubuntucve1 alpinelinux1 fedora2 osv2 prion1 openvas5 debiancve1 cve1 mageia1 nvd1