CVE-2020-13124

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-13124

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13124.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-13124

Aliases

GHSA-9x87-96gg-33w2

Related

UBUNTU-CVE-2020-13124

Published

2020-08-11T16:15:12Z

Modified

2024-10-12T05:06:11.716091Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system.

References

Affected packages

Debian:11 / sabnzbdplus

Package

Name: sabnzbdplus
Purl: pkg:deb/debian/sabnzbdplus?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.1+dfsg-1

Affected versions

0.*

0.4.9-1

0.4.11-1

0.4.12-1

0.5.0-1

0.5.0-2

0.5.2-1

0.5.3-1

0.5.4-1

0.5.5-1

0.5.6-1

0.6.2-1

0.6.4-1

0.6.6-1

0.6.7-1

0.6.8-1

0.6.9-1

0.6.10-1

0.6.14-1

0.6.15-1

0.7.2-1

0.7.3-1

0.7.4-1

0.7.5-1

0.7.6-1

0.7.8-1

0.7.9-1

0.7.11-1

0.7.13-1

0.7.16-1

0.7.18-1

0.7.20-1

0.7.20+dfsg-1

1.*

1.0.2+dfsg-1

1.0.3+dfsg-1

1.0.3+dfsg-2

1.1.1+dfsg-1

2.*

2.3.1+dfsg-1

2.3.2+dfsg-1

2.3.4+dfsg-1

2.3.6+dfsg-1

3.*

3.0.0~0git20200408+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / sabnzbdplus

Package

Name: sabnzbdplus
Purl: pkg:deb/debian/sabnzbdplus?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.1+dfsg-1

Affected versions

0.*

0.4.9-1

0.4.11-1

0.4.12-1

0.5.0-1

0.5.0-2

0.5.2-1

0.5.3-1

0.5.4-1

0.5.5-1

0.5.6-1

0.6.2-1

0.6.4-1

0.6.6-1

0.6.7-1

0.6.8-1

0.6.9-1

0.6.10-1

0.6.14-1

0.6.15-1

0.7.2-1

0.7.3-1

0.7.4-1

0.7.5-1

0.7.6-1

0.7.8-1

0.7.9-1

0.7.11-1

0.7.13-1

0.7.16-1

0.7.18-1

0.7.20-1

0.7.20+dfsg-1

1.*

1.0.2+dfsg-1

1.0.3+dfsg-1

1.0.3+dfsg-2

1.1.1+dfsg-1

2.*

2.3.1+dfsg-1

2.3.2+dfsg-1

2.3.4+dfsg-1

2.3.6+dfsg-1

3.*

3.0.0~0git20200408+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / sabnzbdplus

Package

Name: sabnzbdplus
Purl: pkg:deb/debian/sabnzbdplus?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.1+dfsg-1

Affected versions

0.*

0.4.9-1

0.4.11-1

0.4.12-1

0.5.0-1

0.5.0-2

0.5.2-1

0.5.3-1

0.5.4-1

0.5.5-1

0.5.6-1

0.6.2-1

0.6.4-1

0.6.6-1

0.6.7-1

0.6.8-1

0.6.9-1

0.6.10-1

0.6.14-1

0.6.15-1

0.7.2-1

0.7.3-1

0.7.4-1

0.7.5-1

0.7.6-1

0.7.8-1

0.7.9-1

0.7.11-1

0.7.13-1

0.7.16-1

0.7.18-1

0.7.20-1

0.7.20+dfsg-1

1.*

1.0.2+dfsg-1

1.0.3+dfsg-1

1.0.3+dfsg-2

1.1.1+dfsg-1

2.*

2.3.1+dfsg-1

2.3.2+dfsg-1

2.3.4+dfsg-1

2.3.6+dfsg-1

3.*

3.0.0~0git20200408+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/sabnzbd/sabnzbd

Affected ranges

Type: GIT
Repo: https://github.com/sabnzbd/sabnzbd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

8f21533e76d64a3bc26643394d5e98dc01ece63e

Last affected

a7552c28c80395fbc6bcc1be3853723dc364c98e

Affected versions

0.*

0.6.0

0.6.1

0.6.2

0.6.3

0.6.4

0.6.5

0.6.6

0.6.7

0.6.8

0.6.8RC1

0.6.9

0.6.9RC1

0.6.9RC2

0.7.0

0.7.0Alpha1

0.7.0Alpha2

0.7.0Alpha3

0.7.0Beta1

0.7.0Beta2

0.7.0Beta3

0.7.0Beta4

0.7.0Beta5

0.7.0Beta6

0.7.0Beta7

0.7.0Beta8

0.7.0RC1

0.7.0RC2

0.7.1

0.7.10

0.7.10RC1

0.7.11

0.7.11RC1

0.7.11RC2

0.7.1RC1

0.7.1RC2

0.7.1RC3

0.7.1RC4

0.7.1RC5

0.7.2

0.7.2RC1

0.7.2RC2

0.7.3

0.7.3Beta1

0.7.3Beta2

0.7.3RC1

0.7.4

0.7.4Beta1

0.7.4Beta2

0.7.4Beta3

0.7.4RC1

0.7.4RC2

0.7.5

0.7.5RC1

0.7.6

0.7.6Beta1

0.7.6Beta2

0.7.6Final

0.7.7

0.7.8

0.7.8RC1

0.7.9

0.7.9RC1

0.8.0Alpha1

0.8.0Alpha2

0.8.0Beta1

0.8.0Beta2

0.8.0Beta3

0.8.0Beta4

0.8.0Beta5

0.8.0Beta6

1.*

1.0.0

1.0.0RC1

1.0.0RC2

1.0.0RC3

1.0.0RC4

1.0.0RC5

1.0.1

1.0.1RC1

1.0.2

1.0.3

1.1.0

1.1.0Beta1

1.1.0RC1

1.1.0RC2

1.1.0RC3

1.1.0RC4

1.2.0

1.2.0Beta1

1.2.0RC1

1.2.1

1.2.1Beta1

1.2.1RC1

1.2.2

1.2.3

2.*

2.0.0

2.0.0Alpha1

2.0.0Beta1

2.0.0RC1

2.0.0RC2

2.0.0RC3

2.0.1

2.0.1RC1

2.0.1RC2

2.1.0

2.1.0Beta1

2.1.0RC1

2.2.0

2.2.0Alpha1

2.2.0Alpha2

2.2.0Alpha3

2.2.0Beta1

2.2.0Beta2

2.2.0RC1

2.2.0RC2

2.2.0RC3

2.2.1

2.2.1RC1

2.2.1RC2

2.3.0

2.3.0Alpha1

2.3.0Alpha2

2.3.0RC1

2.3.0RC2

2.3.1

2.3.1Beta1

2.3.1RC1

2.3.1RC2

2.3.2

2.3.2RC1

2.3.2RC2

2.3.3

2.3.3Beta1

2.3.3RC1

2.3.3RC2

2.3.4

2.3.4RC1

2.3.5

2.3.5RC1

2.3.5RC2

2.3.6

2.3.6Beta1

2.3.6RC1

2.3.7

2.3.7Beta1

2.3.7RC1

2.3.8

2.3.8Beta1

2.3.8RC1

2.3.9

2.3.9RC1

2.3.9RC2

3.*

3.0.0Alpha1

3.0.0Alpha2