CVE-2017-1000473

HIGH

linux-dash < 2.0 - OS Command Injection via Module Name Parsing

Title source: llm
STIX 2.1

Description

Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root.

References (1)

Core 1
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/afaqurk/linux-dash/issues/447

Scores

CVSS v3 7.8
EPSS 0.0109
EPSS Percentile 61.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
linux-dash_project/linux-dash < 2.0
Published Jan 03, 2018
Tracked Since Feb 18, 2026