CVE-2021-44123

Published: 26 January 2022

SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it.

Priority

CVSS 3 base score: 8.8

Status

Package	Release	Status
spip Launchpad, Ubuntu, Debian	bionic	Needed
	focal	Needed
	impish	Released (3.2.11-3+deb11u3build0.21.10.1)
	jammy	Needs triage
	trusty	Ignored (out of standard support)
	upstream	Needs triage
	xenial	Ignored (out of standard support)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44123
https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a
https://ubuntu.com/security/notices/USN-5482-1
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2021-44123

Medium

Status

References

Join the discussion

Canonical is offering Extended Security Maintenance

Further reading