CVE-2017-11610

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-11610
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-11610.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-11610
Aliases
Downstream
Related
Published
2017-08-23T14:29:00Z
Modified
2025-09-19T08:53:03.320464Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.

References

Affected packages

Alpine:v3.10

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1
3.2.0-r0

Alpine:v3.11

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1
3.2.0-r0

Alpine:v3.12

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1
3.2.0-r0

Alpine:v3.13

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1
3.2.0-r0

Alpine:v3.14

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1
3.2.0-r0

Alpine:v3.15

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1
3.2.0-r0

Alpine:v3.16

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1
3.2.0-r0

Alpine:v3.17

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1
3.2.0-r0

Alpine:v3.18

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1
3.2.0-r0

Alpine:v3.19

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1
3.2.0-r0

Alpine:v3.20

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1
3.2.0-r0

Alpine:v3.21

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1
3.2.0-r0

Alpine:v3.22

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1
3.2.0-r0

Alpine:v3.3

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1

Alpine:v3.4

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1
3.2.0-r0

Alpine:v3.5

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1
3.2.0-r0

Alpine:v3.6

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1
3.2.0-r0

Alpine:v3.7

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1
3.2.0-r0

Alpine:v3.8

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1
3.2.0-r0

Alpine:v3.9

supervisor

Package

Name
supervisor
Purl
pkg:apk/alpine/supervisor?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.4-r0

Affected versions

3.*

3.1.1-r0
3.1.1-r1
3.1.3-r0
3.1.3-r1
3.2.0-r0

Git

github.com/supervisor/supervisor

Affected ranges

Type
GIT
Repo
https://github.com/supervisor/supervisor
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
26cc505f5eb5b0d323cbcf4a9ec05c76cf7c0630
Last affected
4142109d2d7dc1dd4153831f7c82d1131dac31ee
Last affected
42bfa5537996b2a40511ef8a5a9f7e8ec3118c98
Last affected
504e2fba3bf527ddd6969d7764fc624486d8fed6
Last affected
5fcab2c8349f5e0be664f2b29daff975bc889255
Last affected
62dd947625825178ffe2c113a4711a65cf99d36f
Last affected
7786119a97f02b9df87031563523ee878c55fc5b
Last affected
8286f01c9c5324c07e9098bda279a49144e5c2d7
Last affected
b0cb0980d97b475d8e08801e7b64a9d219cb7eb0
Last affected
b7e4ed8510c10b9dbdeb1c94c1890618f67df19f
Last affected
f067ed44b726b754d23f97fd1277a23292382f82
Last affected
fa45f8f6faff996e9f68f8ebda0ed52b9a47f0b4

Affected versions

3.*

3.0
3.0a10
3.0a11
3.0a12
3.0b1
3.0b2