CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote malicious users to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu cvs 1.12.12 |
||
gnu cvs 1.12.6 |
||
gnu cvs 1.12.3 |
||
gnu cvs 1.12.11 |
||
gnu cvs 1.12.10 |
||
gnu cvs 1.12.9 |
||
gnu cvs 1.12.7 |
||
gnu cvs 1.12.13 |
||
gnu cvs 1.12.5 |
||
gnu cvs 1.12.1 |
||
canonical ubuntu linux 17.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 16.04 |
||
debian debian linux 9.0 |
||
debian debian linux 8.0 |