CVE-2017-1002157

Critical

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.

fedora·CWE-242·Published 2019-01-10

CVSS

9.8

EPSS

0.03

KEV

Exploits

cve.orgen

125 chars

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.

NVDen

125 chars

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.

OSV.deven

125 chars

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.

GHSAen

125 chars

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.

NVDes

178 chars

modulemd, en versiones 1.3.1 y anteriores, emplea una función insegura para el procesamiento de datos proporcionados externamente, lo que conduce a la ejecución remota de código.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H