PYSEC-2017-12
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/dulwich/PYSEC-2017-12.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2017-12
- Aliases
- Published
- 2017-10-29T20:29:00Z
- Modified
- 2023-11-01T04:47:59.111192Z
- Summary
- [none]
- Details
-
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.
- References
Affected packages
PyPI / dulwich
Package
- Name
- dulwich
- View open source insights on deps.dev
- Purl
- pkg:pypi/dulwich
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.18.5
Affected versions
0.*
0.0.1
0.1.0
0.1.1
0.2.1
0.3.0
0.3.1
0.3.2
0.3.3
0.4.0
0.4.1
0.5.0
0.6.0
0.6.1
0.6.2
0.7.0
0.7.1
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9
0.10.0
0.10.1a
0.11.0
0.11.1
0.11.2
0.12.0
0.13.0
0.14.0
0.14.1
0.15.0
0.16.0
0.16.1
0.16.2
0.16.3
0.17.1
0.17.2
0.17.3
0.18.0
0.18.1
0.18.2
0.18.3
0.18.4