CVE-2019-3462
Published: 2019-01-28
Severity: High, 8.1 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Incorrect sanitization of the 302 redirect field in the HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | advanced_package_tool | < 1.2.30 | 1.2.30 |
| debian | advanced_package_tool | 1.3 – 1.4.8 | — |
| debian | apt | < apt 1.8.0~alpha3.1 (bookworm) | apt 1.8.0~alpha3.1 (bookworm) |
| debian | apt | >= 0 < 1.8.0~alpha3.1 | 1.8.0~alpha3.1 |
| debian | apt | >= 0 < 1.8.0~alpha3.1 | 1.8.0~alpha3.1 |
| debian | apt | >= 0 < 1.8.0~alpha3.1 | 1.8.0~alpha3.1 |
| debian | apt | >= 0 < 1.8.0~alpha3.1 | 1.8.0~alpha3.1 |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| github.com | weaveworks_weave | >= 0 < 2.6.3 | 2.6.3 |
| weave | weave_net | < 2.6.3 | 2.6.3 |
| weaveworks | weave | < 2.6.3 | 2.6.3 |
CVSS provenance
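| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| ghsa | — | 8.1 | HIGH | — |
| osv | — | 8.1 | HIGH | — |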