CVE-2019-11829: OS Command Injection
First published: Sun Jun 30 2019(Updated: )
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header.
Credit: security@synology.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology Calendar | <2.3.1-0617 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-11829.
What is the severity of CVE-2019-11829?
The severity of CVE-2019-11829 is critical with a CVSS score of 9.8.
Which software is affected by CVE-2019-11829?
The Synology Calendar version up to 2.3.1-0617 is affected by CVE-2019-11829.
How does CVE-2019-11829 work?
CVE-2019-11829 is an OS command injection vulnerability that allows remote attackers to execute arbitrary commands via a crafted 'X-Real-IP' header.
Is there a fix available for CVE-2019-11829?
Yes, a fix is available. Users should update to Synology Calendar version 2.3.1-0617 or higher.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/tags
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/synology
- canonical/synology calendar