High severity 8.8 · NVD Advisory · Published Aug 23, 2017 · Updated May 13, 2026
CVE-2017-11610
Description
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| supervisor (PyPI) | < 3.0.1 | 3.0.1 |
| supervisor (PyPI) | >= 3.1.0, < 3.1.4 | 3.1.4 |
| supervisor (PyPI) | >= 3.2.0, < 3.2.4 | 3.2.4 |
| supervisor (PyPI) | >= 3.3.0, < 3.3.3 | 3.3.3 |
Patches
No patches discovered yet.
References
- www.exploit-db.com/exploits/42779/ (nvd; Exploit, Third Party Advisory, VDB Entry)
- www.debian.org/security/2017/dsa-3942 (nvd; Third Party Advisory, WEB)
- access.redhat.com/errata/RHSA-2017:3005 (nvd; Third Party Advisory, WEB)
- github.com/Supervisor/supervisor/blob/3.0.1/CHANGES.txt (nvd; Release Notes, Vendor Advisory, WEB)
- github.com/Supervisor/supervisor/blob/3.1.4/CHANGES.txt (nvd; Release Notes, Vendor Advisory, WEB)
- github.com/Supervisor/supervisor/blob/3.2.4/CHANGES.txt (nvd; Release Notes, Vendor Advisory, WEB)
- github.com/Supervisor/supervisor/blob/3.3.3/CHANGES.txt (nvd; Release Notes, Vendor Advisory, WEB)
- github.com/Supervisor/supervisor/issues/964 (nvd; Issue Tracking, Vendor Advisory, WEB)
- github.com/advisories/GHSA-x7c8-4x3h-874w (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-11610 (ghsa; ADVISORY)
- security.gentoo.org/glsa/201709-06 (nvd; Third Party Advisory, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/supervisor/PYSEC-2017-41.yaml (ghsa; WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMSCGMM477N64Z3BM34RWYBGSLK466B (ghsa; WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTPDZV4ZRICDYAYZVUHSYZAYDLRMG2IM (ghsa; WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ (ghsa; WEB)
- www.exploit-db.com/exploits/42779 (ghsa; WEB)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4GMSCGMM477N64Z3BM34RWYBGSLK466B/ (nvd)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DTPDZV4ZRICDYAYZVUHSYZAYDLRMG2IM/ (nvd)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/ (nvd)