CVE-2010-3088

pidgin-knotify < 0.2.1 - Remote Code Execution via Shell Metacharacters in Message

Title source: llm
STIX 2.1

Description

The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message.

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/13/4
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/12/1
Issue Tracking x_refsource_confirm
https://bugs.gentoo.org/show_bug.cgi?id=336916

Scores

EPSS 0.0152
EPSS Percentile 71.5%

Details

CWE
CWE-94
Status published
Products (4)
jianping_yu/pidgin-knotify 0.1
jianping_yu/pidgin-knotify 0.1.2
jianping_yu/pidgin-knotify 0.2.0
jianping_yu/pidgin-knotify < 0.2.1
Published Oct 08, 2010
Tracked Since Feb 18, 2026