Description
osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.
References (8)
Core 8
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154267.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154117.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154257.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201603-02
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=901643
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/73114
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00011.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00012.html
Scores
EPSS
0.0089
EPSS Percentile
75.9%
Details
CWE
CWE-77
Status
published
Products (6)
fedoraproject/fedora
20
fedoraproject/fedora
21
fedoraproject/fedora
22
opensuse/opensuse
13.1
opensuse/opensuse
13.2
suse/opensuse_osc
< 0.150
Published
Mar 16, 2015
Tracked Since
Feb 18, 2026