vulnerability
Gentoo Linux: CVE-2017-12836: CVS: Command injection
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:H/Au:N/C:P/I:P/A:P) | Aug 24, 2017 | Oct 30, 2017 | Mar 31, 2026 |
Severity
5
CVSS
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
Published
Aug 24, 2017
Added
Oct 30, 2017
Modified
Mar 31, 2026
Description
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."
Solution
gentoo-linux-upgrade-dev-vcs-cvs
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.