CVE-2017-16228 – dulwich
Package
Manager: pip
Name: dulwich
Vulnerable Version: >=0 <0.18.5
Severity
Level: Critical
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00975 (percentile 0.75816)
Details
Dulwich RCE Vulnerability
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname. This is a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.
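A defensive check for the bug class described above, as an added example (not Dulwich's code and not its actual fix): the URL is validated before an argv list for the ssh subprocess is built. The function names and sample URLs are constructed for illustration, and an OpenSSH client is assumed.

```python
from urllib.parse import urlsplit


class UnsafeSSHTarget(ValueError):
    """A URL component could be read by ssh as a command-line option."""


def parse_ssh_url(url):
    """Split ssh://[user@]host[:port]/path or scp-style [user@]host:path."""
    if "://" in url:
        parts = urlsplit(url)
        if parts.scheme not in ("ssh", "git+ssh"):
            raise ValueError("not an ssh URL: %r" % url)
        # Split netloc by hand so a leading dash is never normalised away.
        user, _, hostport = parts.netloc.rpartition("@")
        host, _, port = hostport.partition(":")
        return user or None, host, port or None
    target, sep, _path = url.partition(":")
    if not sep:
        raise ValueError("not an ssh URL: %r" % url)
    user, _, host = target.rpartition("@")
    return user or None, host, None


def build_ssh_argv(url, remote_command):
    """Return the argv list for the ssh subprocess, or raise UnsafeSSHTarget."""
    user, host, port = parse_ssh_url(url)
    # Primary defence: no URL-derived field may be empty or start with a dash.
    for name, value in (("host", host), ("user", user)):
        if value is not None and (value == "" or value.startswith("-")):
            raise UnsafeSSHTarget("%s %r rejected" % (name, value))
    # Non-numeric ports (including bracketed IPv6 leftovers) fail closed.
    if port is not None and not (port.isascii() and port.isdigit()):
        raise UnsafeSSHTarget("port %r rejected" % port)
    argv = ["ssh"]
    if port:
        argv += ["-p", port]
    if user:
        argv += ["-l", user]
    # Second layer: "--" ends option parsing in OpenSSH (assumed client).
    # Hand this list to subprocess directly, never as a shell string.
    return argv + ["--", host, remote_command]
```

Other ssh clients may not honour `--`, so the leading-dash rejection is the check that must not be skipped.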
Metadata
Created: 2022-05-13T01:44:04Z
Modified: 2024-09-20T16:44:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cwwh-4382-6fwr/GHSA-cwwh-4382-6fwr.json
CWE IDs: []
Alternative ID: GHSA-cwwh-4382-6fwr
Finding: F004
Auto approve: 1