Your submission was sent successfully! Close

CVE-2019-3462

Published: 22 January 2019

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.

Priority

High

CVSS 3 base score: 8.1

Status

Package Release Status
apt
Launchpad, Ubuntu, Debian
bionic
Released (1.6.6ubuntu0.1)
cosmic
Released (1.7.0ubuntu0.1)
precise
Released (0.8.16~exp12ubuntu10.28)
trusty
Released (1.0.1ubuntu2.19)
upstream Needs triage

xenial
Released (1.2.29ubuntu0.1)