Back to search
CVE-2017-17459
Published: Dec 7, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://www.fossil-scm.org/xfer/info/1f63db591c77108c
x_refsource_CONFIRM
https://www.fossil-scm.org/xfer/doc/trunk/www/changes.wiki#v2_4
x_refsource_CONFIRM
https://bugzilla.opensuse.org/show_bug.cgi?id=1071709
x_refsource_CONFIRM
FEDORA-2019-f350634b40
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now