mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
132 lines
4.9 KiB
JSON
132 lines
4.9 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "cve@mitre.org",
|
|
"ID": "CVE-2019-13638",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "n/a",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://security-tracker.debian.org/tracker/CVE-2019-13638",
|
|
"refsource": "MISC",
|
|
"name": "https://security-tracker.debian.org/tracker/CVE-2019-13638"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"name": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0",
|
|
"url": "https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0"
|
|
},
|
|
{
|
|
"refsource": "DEBIAN",
|
|
"name": "DSA-4489",
|
|
"url": "https://www.debian.org/security/2019/dsa-4489"
|
|
},
|
|
{
|
|
"refsource": "BUGTRAQ",
|
|
"name": "20190730 [SECURITY] [DSA 4489-1] patch security update",
|
|
"url": "https://seclists.org/bugtraq/2019/Jul/54"
|
|
},
|
|
{
|
|
"refsource": "BUGTRAQ",
|
|
"name": "20190816 Details about recent GNU patch vulnerabilities",
|
|
"url": "https://seclists.org/bugtraq/2019/Aug/29"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"name": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html",
|
|
"url": "http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html"
|
|
},
|
|
{
|
|
"refsource": "GENTOO",
|
|
"name": "GLSA-201908-22",
|
|
"url": "https://security.gentoo.org/glsa/201908-22"
|
|
},
|
|
{
|
|
"refsource": "FEDORA",
|
|
"name": "FEDORA-2019-ac709da87f",
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVWWGISFWACROJJPVJJL4UBLVZ7LPOLT/"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://security.netapp.com/advisory/ntap-20190828-0001/",
|
|
"url": "https://security.netapp.com/advisory/ntap-20190828-0001/"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/irsl/gnu-patch-vulnerabilities",
|
|
"url": "https://github.com/irsl/gnu-patch-vulnerabilities"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:2798",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:2798"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:2964",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:2964"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:3757",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:3757"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:3758",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:3758"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:4061",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:4061"
|
|
}
|
|
]
|
|
}
|
|
} |