CVE-2022-3967: Fix for Sed Injection Vulnerability · serghey-rodin/vesta@39561c3
A vulnerability classified as critical was found in Vesta Control Panel. It affects an unknown function of the file func/main.sh in the sed Handler component. The manipulation leads to argument injection. The attack has to be carried out locally. The name of the patch is 39561c32c12cabe563de48cc96eccb9e2c655e25. It is recommended to apply the patch to fix this issue. VDB-213546 is the identifier assigned to this vulnerability.
@@ -831,6 +831,23 @@ is_format_valid_shell() { exit $E_INVALID fi }
format_no_quotes() { exclude="['|\"]" if [[ “$1” =~ $exclude ]]; then check_result “$E_INVALID” “Invalid $2 contains qoutes (\” or ') :: $1" fi is_no_new_line_format “$1” }
is_no_new_line_format() { test=$(echo “$1” | head -n1 ); if [[ “$test” != “$1” ]]; then check_result “$E_INVALID” “invalid value :: $1” fi }
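Review bot: In format_no_quotes, exclude="['|\"]" is a bracket expression, so the | inside it is a literal character rather than alternation, and any value containing a pipe is rejected with a message that only mentions quotes. If only quotes are meant to be blocked, use exclude="['\"]"; otherwise name the pipe in the error text. In is_no_new_line_format, echo "$1" treats a value such as -n or -e as an option and prints nothing, so that input fails the comparison for the wrong reason; printf '%s\n' "$1" | head -n1 avoids this. Both functions assign exclude and test without local, which leaks them into the caller's scope, and the error string has a typo ("qoutes"). These helpers reject only quotes and newlines, and the callers that pass the value on to sed are not part of this hunk, so it is worth confirming at those call sites that the sed delimiter, & and \ in the value cannot change the expression.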