rpm package
suse/cvs&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/cvs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-12836 | Hig | 7.5 | < 1.12.12-144.23.5.3.1 | 1.12.12-144.23.5.3.1 | Aug 24, 2017 | CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." |
- affected < 1.12.12-144.23.5.3.1fixed 1.12.12-144.23.5.3.1
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."