CVE-2004-0489Argument Injection in Apple MAC OS X

CWE-88Argument Injection3 documents3 sources
Severity
7.6HIGHNVD
EPSS
14.3%
top 5.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple MAC OS X
Timeline
PublishedJul 7
Latest updateApr 29

Description

Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

NVDapple/mac_os_x10.3.3

🔴Vulnerability Details

1
GHSA
GHSA-q495-4rmw-2q38: Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 102022-04-29

📐Framework References

1
CWE
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')