Summary: | www-misc/awstats: Arbitrary code execution (CVE-2020-35176) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | major | CC: | web-apps |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/eldy/awstats/issues/195 | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=646786 https://github.com/gentoo/gentoo/pull/23754 |
||
Whiteboard: | B2 [upstream/ebuild] | ||
Package list: | Runtime testing required: | --- |
Description
Sam James
![]() ![]() ![]() ![]() ping Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Hm, this doesn't quite seem like arbitrary code execution on its own, since this may execute code via path traversal. |