Critical severity9.8NVD Advisory· Published Jul 13, 2023· Updated Jun 17, 2026
CVE-2023-38198
CVE-2023-38198
Description
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- acme.sh/acme.shdescription
- Range: <3.0.6
Patches
Vulnerability mechanics
References
7- www.openwall.com/lists/oss-security/2023/07/13/1nvdMailing ListThird Party Advisory
- github.com/acmesh-official/acme.sh/issues/4659nvdIssue TrackingThird Party Advisory
- groups.google.com/a/mozilla.org/g/dev-security-policy/c/heXVr8o83YsnvdThird Party Advisory
- news.ycombinator.com/itemnvdThird Party Advisory
- news.ycombinator.com/itemnvdThird Party Advisory
- www.reddit.com/r/netsec/comments/144ygg7/acmesh_runs_arbitrary_commands_from_a_remote/nvdThird Party Advisory
- github.com/acmesh-official/acme.sh/releases/tag/3.0.6nvdRelease Notes
News mentions
0No linked articles in our index yet.