CVE-2013-1436

描述

The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the xmobar window title, as demonstrated using an action tag.

受影響套件(2)

• Debian/xmonad-contribfrom 0, < 0.11.2-1
• Hackage/xmonad-contrib>= 0.5, < 0.11.2

CVSS 分數

參考連結(4)

• ADVISORYhttps://security.gentoo.org/glsa/201405-28
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-1436
• PATCHhttps://github.com/xmonad/xmonad-contrib/commit/d3b2a01e3d01ac628e7a3139dd55becbfa37cf51
• WEBhttp://www.openwall.com/lists/oss-security/2013/07/26/5