CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score
Confidence: Low

EPSS
Percentile: 85.8%
The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.
Vendor | Product | Version | CPE |
---|---|---|---|
devscripts_devel_team | devscripts | * | cpe:2.3:a:devscripts_devel_team:devscripts:*:*:*:*:*:*:*:* |
devscripts_devel_team | devscripts | 2.13.0 | cpe:2.3:a:devscripts_devel_team:devscripts:2.13.0:*:*:*:*:*:*:* |
devscripts_devel_team | devscripts | 2.13.1 | cpe:2.3:a:devscripts_devel_team:devscripts:2.13.1:*:*:*:*:*:*:* |
devscripts_devel_team | devscripts | 2.13.2 | cpe:2.3:a:devscripts_devel_team:devscripts:2.13.2:*:*:*:*:*:*:* |
devscripts_devel_team | devscripts | 2.13.3 | cpe:2.3:a:devscripts_devel_team:devscripts:2.13.3:*:*:*:*:*:*:* |
devscripts_devel_team | devscripts | 2.13.4 | cpe:2.3:a:devscripts_devel_team:devscripts:2.13.4:*:*:*:*:*:*:* |
devscripts_devel_team | devscripts | 2.13.5 | cpe:2.3:a:devscripts_devel_team:devscripts:2.13.5:*:*:*:*:*:*:* |
devscripts_devel_team | devscripts | 2.13.6 | cpe:2.3:a:devscripts_devel_team:devscripts:2.13.6:*:*:*:*:*:*:* |
anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=91f05b5
bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849
osvdb.org/100855
seclists.org/oss-sec/2013/q4/470
seclists.org/oss-sec/2013/q4/486
www.securityfocus.com/bid/64241
bugzilla.redhat.com/show_bug.cgi?id=1040266
exchange.xforce.ibmcloud.com/vulnerabilities/89666