liferea is vulnerable to Command Injection. The vulnerability exists in the update_job_run
function of update.c
, which allows an attacker to manipulate of the argument source with the input |date >/tmp/bad-item-link.txt
leads to os command injection
CPE | Name | Operator | Version |
---|---|---|---|
liferea:sid | eq | 1.13.3-1 | |
liferea:sid | eq | 1.13.6-2 | |
liferea:sid | eq | 1.13.3-1 | |
liferea:sid | eq | 1.13.6-2 |