CVE-2017-12904
Publication date 23 August 2017
Last updated 25 August 2025
Ubuntu priority
Description
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| newsbeuter | 20.04 LTS focal | Not in release |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Fixed 2.9-3ubuntu0.1
|
|
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.8 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-4585-1
- Newsbeuter vulnerabilities
- 15 October 2020