CVE-2014-8990
lsyncd - security update
EPSS 5.2%
Description
default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.
How to fix CVE-2014-8990
To remediate CVE-2014-8990, upgrade the affected package to one of the fixed versions listed below.
- Debian/lsyncd—upgrade to 2.1.5-2 or later
- Debian/lsyncd—upgrade to 2.0.7-3+deb7u1 or later
Is CVE-2014-8990 being exploited?
Moderate: EPSS is 5.2%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/lsyncd: from 0, < 2.1.5-2
- Debian/lsyncd: from 0, < 2.0.7-3+deb7u1