CVE-2022-3967: Fix for Sed Injection Vulnerability · serghey-rodin/vesta@39561c3

A vulnerability classified as critical was found in Vesta Control Panel. It affects an unknown function in the file func/main.sh of the sed Handler component. The manipulation leads to argument injection. The attack requires local access. The name of the patch is 39561c32c12cabe563de48cc96eccb9e2c655e25. It is recommended to apply the patch to fix this issue. VDB-213546 is the identifier assigned to this vulnerability.

@@ -831,6 +831,23 @@ is_format_valid_shell() { exit $E_INVALID fi }
format_no_quotes() { exclude="['|\"]" if [[ “$1” =~ $exclude ]]; then check_result “$E_INVALID” “Invalid $2 contains qoutes (\” or ') :: $1" fi is_no_new_line_format “$1” }
is_no_new_line_format() { test=$(echo “$1” | head -n1 ); if [[ “$test” != “$1” ]]; then check_result “$E_INVALID” “invalid value :: $1” fi }

Format validation controller is_format_valid() { for arg_name in $*; do @@ -839,6 +856,7 @@ is_format_valid() { case $arg_name in account) is_user_format_valid “$arg” "$arg_name";; action) is_fw_action_format_valid "$arg";; alias) is_alias_format_valid “$arg” ;; aliases) is_alias_format_valid “$arg” ;; antispam) is_boolean_format_valid “$arg” ‘antispam’ ;; antivirus) is_boolean_format_valid “$arg” ‘antivirus’ ;;
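
Review bot: in format_no_quotes, the pattern exclude="['|\"]" is a bracket expression, so the | inside it is matched as a literal character and is not an alternation. Values containing a pipe are therefore rejected too, while the error text only mentions quotes (and spells them "qoutes"). If only quotes are meant, use exclude="['\"]"; if the pipe is rejected on purpose, say so in the message. In is_no_new_line_format, echo "$1" consumes a value such as -n or -e as an option, so that value is reported as invalid although it contains no newline; printf '%s\n' "$1" | head -n1 avoids this. The variable named test is not declared local and reads like the test builtin; a local variable with a different name would be clearer.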
