CVE-2000-0352 — OF Washington Pine vulnerability

4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

2.5%

top 14.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

University OF Washington Pine

Timeline

PublishedNov 18

Latest updateMay 3

Description

Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDuniversity_of_washington/pine4.20, 4.21+1

🔴Vulnerability Details

GHSA

GHSA-q62p-v3wf-j428: Pine before version 4↗2022-05-03

▶

CVEList

CVE-2000-0352: Pine before version 4↗2000-07-12

▶

💥Exploits & PoCs

Exploit-DB

Microsoft RPC DCOM Interface - Remote Overflow (MS03-026) (Metasploit)↗2011-01-11

▶