CVE-2019-3462

Published: 22 January 2019

Incorrect sanitization of the 302 redirect field in the HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.

Priority

High

CVSS 3 base score: 8.1

Status

Package: apt (Launchpad, Ubuntu, Debian)

Release                             Status
Upstream                            Needs triage
Ubuntu 18.04 LTS (Bionic Beaver)    Released (1.6.6ubuntu0.1)
Ubuntu 16.04 LTS (Xenial Xerus)     Released (1.2.29ubuntu0.1)
Ubuntu 14.04 ESM (Trusty Tahr)      Released (1.0.1ubuntu2.19)