Arch Linux: Arbitrary command execution (CVE-2017-12904)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Aug 23, 2017 | Jul 11, 2025 | Nov 27, 2025 |
Description
Improper neutralization of special elements used in an OS command in the bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted shell command execution by crafting an RSS item that includes shell code in its title and/or URL. When the user bookmarks such an item, the shell code is executed.
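The bug class described above, shown as an added example that is not Newsbeuter's code or the upstream patch: a command line built from feed-controlled fields, once with weak double quoting and once with each field neutralized for a POSIX shell. The function names, the sample URL and title, and the `printf` stand-in for the bookmark program are all assumptions made for illustration.

```cpp
// Added example, not Newsbeuter source. All names here are hypothetical.
#include <array>
#include <cstdio>
#include <iostream>
#include <string>

// Quote one argument for a POSIX shell: wrap it in single quotes and
// rewrite each embedded ' as '\'' (close quote, literal quote, reopen).
std::string shell_quote(const std::string& arg) {
    std::string out = "'";
    for (char c : arg)
        out += (c == '\'') ? std::string("'\\''") : std::string(1, c);
    return out + "'";
}

// Weak form: double quotes still let the shell expand $(...) and backticks.
std::string cmdline_weak(const std::string& cmd, const std::string& url,
                         const std::string& title) {
    return cmd + " \"" + url + "\" \"" + title + "\"";
}

// Hardened form: every feed-controlled field is neutralized before use.
std::string cmdline_quoted(const std::string& cmd, const std::string& url,
                           const std::string& title) {
    return cmd + " " + shell_quote(url) + " " + shell_quote(title);
}

// Run a command line through /bin/sh (as popen does) and capture stdout.
std::string run_capture(const std::string& cmdline) {
    std::string out;
    FILE* p = popen(cmdline.c_str(), "r");
    if (!p) return out;
    std::array<char, 256> buf;
    for (std::size_t n; (n = fread(buf.data(), 1, buf.size(), p)) > 0;)
        out.append(buf.data(), n);
    pclose(p);
    return out;
}

// Constructed sample input: a feed item whose fields carry shell metacharacters.
const std::string kUrl = "https://feeds.example/item?id=1&x='y'";
const std::string kTitle = "Notes $(echo EXPANDED) `echo TICK` it's \"new\"";
// Stand-in for the user's bookmark program: prints its two arguments.
const std::string kCmd = "printf '%s|%s'";

int main() {
    std::cout << "weak:   " << run_capture(cmdline_weak(kCmd, kUrl, kTitle)) << "\n";
    std::cout << "quoted: " << run_capture(cmdline_quoted(kCmd, kUrl, kTitle)) << "\n";
}
```

Passing the fields as separate argv entries to an exec-family call, with no shell in between, removes the need for quoting altogether.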
Solution
arch-linux-upgrade-latest
References
- CVE-2017-12904
- https://attackerkb.com/topics/CVE-2017-12904
- http://www.debian.org/security/2017/dsa-3947
- https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307
- https://github.com/akrennmair/newsbeuter/issues/591
- https://groups.google.com/forum/#%21topic/newsbeuter/iFqSE7Vz-DE
- https://security.archlinux.org/ASA-201708-15
- https://security.archlinux.org/ASA-201709-11
- https://usn.ubuntu.com/4585-1/
- CWE-943