CVE-2012-2242
EPSS 0.64%
Description
scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240.
How to fix CVE-2012-2242
To remediate CVE-2012-2242, upgrade the affected package to a fixed version below.
- Debian/devscripts—upgrade to 2.12.3 or later
Is CVE-2012-2242 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.12.3