ghsa-248x-4c3j-hcg7
Vulnerability from github
Published
2022-05-13 01:16
Modified
2022-05-13 01:16
Severity
8.1 (High) - CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details

Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file".

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2018-1000500"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-26T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "Busybox contains a Missing SSL certificate validation vulnerability in The \"busybox wget\" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using \"busybox wget https://compromised-domain.com/important-file\".",
  "id": "GHSA-248x-4c3j-hcg7",
  "modified": "2022-05-13T01:16:08Z",
  "published": "2022-05-13T01:16:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000500"
    },
    {
      "type": "WEB",
      "url": "https://git.busybox.net/busybox/commit/?id=45fa3f18adf57ef9d743038743d9c90573aeeb91"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4531-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.busybox.net/pipermail/busybox/2018-May/086462.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.