CVE-2012-1095
published 2014-02-06CVE-2012-1095: osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status…
medium4.3CVSS 3.1
AVNACMAuNCNIPAN
osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | osc | < osc 0.134.0-1 (bookworm) | osc 0.134.0-1 (bookworm) |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| opensuse | osc | <= 0.133 | — |
| opensuse | osc | >= 0 < 0.134.0-1 | 0.134.0-1 |
| opensuse | osc | >= 0 < 0.134.0-1 | 0.134.0-1 |
| opensuse | osc | >= 0 < 0.134.0-1 | 0.134.0-1 |
| opensuse | osc | >= 0 < 0.134.0-1 | 0.134.0-1 |
CVSS provenance
nvd4.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM