CRITICAL🇵🇱 Wersja polska

CVE-2019-13624

CVSS 9.8v3.0pub. 2019-07-17upd. 2024-11-21

In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Onosproject Onos

    APP
    Onosproject
    1.15.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2018-1000616CRITICAL9.8ten sam produkt

ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\dri...

CVE-2018-1000614CRITICAL9.8ten sam produkt

ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in provider...

CVE-2017-1000081CRITICAL9.8ten sam produkt

Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote...

CVE-2018-1000615HIGH7.5ten sam produkt

ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in ...

CVE-2017-13763HIGH7.5ten sam produkt

ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size ...