CVE-2018-12562
CRITICAL9.8EPSS 0.38%發布日:2018/6/19修改日:2026/4/28
也稱為:DEBIAN-CVE-2018-12562
描述
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string).
受影響套件(1)
- Debian/cantatafrom 0, < 2.3.0.ds1-2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |