Veracode Vulnerability DatabaseVERACODE:28258

HistoryDec 06, 2020 - 3:43 a.m.

Arbitrary Code Execution

2020-12-0603:43:56

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

bazaar

vulnerability

arbitrary code

execution

ssh

url

EPSS

0.008

Percentile

81.6%

JSON

Bazaar is vulnerable to Arbitrary Code Execution. An attacker is able to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname.

References

people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14176.html

www.ubuntu.com/usn/usn-3411-1

bugs.debian.org/874429

bugs.launchpad.net/bzr/+bug/1710979

bugzilla.redhat.com/show_bug.cgi?id=1486685

bugzilla.suse.com/show_bug.cgi?id=1058214

security-tracker.debian.org/tracker/CVE-2017-14176

www.debian.org/security/2017/dsa-4052

EPSS

0.008

Percentile

81.6%

JSON

Related for VERACODE:28258