First published: Thu Jan 03 2008(Updated: )
unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Debian Unp | <=1.0.12 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.