The Gentoo packages web app contains a command injection vulnerability within the "similar" links.

Reproducible: Always

Steps to Reproduce:
1. Visit the http://packages.gentoo.org page
2. Click on any package's Similar link
3. Add a semicolon to the URL followed by the command you'd like to execute. If spaces are required use ${IFS} as a replacement for spaces.

Actual Results:
At the bottom of the page the output of the command will be shown.

Expected Results:
Commands should not be executed.

*** This bug has been marked as a duplicate of bug 187971 ***
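
An added illustration of the class of bug reported above, not code from packages.gentoo.org or from the report: a hypothetical handler that pastes the package name from a "Similar" URL into a shell command line, next to a form that validates the name and runs the tool without a shell. The function names, the allowlist pattern, the stand-in tool and the sample value are all assumptions.

```python
import re
import subprocess
import sys

# Assumption: a conservative allowlist for a package name taken from the URL.
PACKAGE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9+_.-]*\Z")

# Hypothetical stand-in for whatever external tool the real handler runs:
# it only prints its first argument back.
TOOL = [sys.executable, "-c", "import sys; print(sys.argv[1])"]


def similar_vulnerable(name):
    """'Before': the URL value is concatenated into a shell command line."""
    cmd = "printf '%s\\n' " + name
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def similar_argv(name):
    """No shell: the value is a single argv element, so ';' and '${IFS}' are inert."""
    return subprocess.run(TOOL + [name], capture_output=True, text=True).stdout


def similar_hardened(name):
    """'After': reject anything outside the allowlist, then run without a shell."""
    if not PACKAGE_NAME.match(name):
        raise ValueError("invalid package name")
    return similar_argv(name)


# Constructed input mirroring the report: ';' ends the intended command and
# ${IFS} stands in for a space.
SAMPLE = "portage;echo${IFS}INJECTED"

if __name__ == "__main__":
    print(repr(similar_vulnerable(SAMPLE)))  # the shell ran a second command
    print(repr(similar_argv(SAMPLE)))        # the value comes back as literal text
    print(repr(similar_hardened("portage")))
```

Validation and shell-free execution are independent layers: the allowlist rejects the request early, and passing an argv list keeps a value that slips through from being parsed as shell syntax.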