Improper neutralization of special elements used in an OS command (OS command injection) in the bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL. Because the flaw is in the bookmarking function, the user-assisted step is bookmarking the crafted item.
[
{
"id": "CVE-2017-12904-80defa35",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "156371956141367904438567274571704191043",
"length": 1137.0
},
"target": {
"file": "src/controller.cpp",
"function": "controller::bookmark"
},
"source": "https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307"
},
{
"id": "CVE-2017-12904-a213a0e6",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"311467814947250909956345134156606465782",
"120649832345985744059501555645473888522",
"291634685458980627202111577571935776043",
"69626142850719159396634039256131327469",
"108602646767993423147163902786916057536",
"98085112480429494262981916468034871801",
"92970788905403075723020112092901087587",
"252124518186464253228361430297539845061",
"254514588870447734634416090126986229927"
],
"threshold": 0.9
},
"target": {
"file": "src/controller.cpp"
},
"source": "https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307"
}
]