CVE-2021-45845: 0004810: Security Vulnerability in PathSanity.py
The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2021-12-23 15:48 | eldstal | New Issue | |
| 2021-12-23 15:48 | eldstal | Steps to Reproduce Updated | |
| 2021-12-23 15:56 | eldstal | Tag Attached: security | |
| 2021-12-23 15:56 | eldstal | Tag Attached: Path | |
| 2021-12-23 17:54 | eldstal | Product Version | 0.19 => 0.20 |
| 2021-12-28 22:36 | chennes | Project | File formats => Path |
| 2021-12-28 22:36 | chennes | Category | Bug => General |
| 2022-01-25 12:58 | eldstal | Note Added: 0016287 | |