CVE-2017-7239
CRITICALninka < 1.3.0 - Denial of Service via Crafted Filename
Title source: llmDescription
Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename.
References (3)
Core 3
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/dmgerman/ninka/commit/81f185261c8863c5b84344ee31192870be939faf
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2017/04/03/3
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97325
Scores
CVSS v3
9.8
EPSS
0.0361
EPSS Percentile
88.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (1)
ninka_project/ninka
< 1.3.0
Published
Apr 10, 2017
Tracked Since
Feb 18, 2026