user/erl-rebar3: CVE-2020-13802: Dependency URL can lead to shell injection
Bugzilla ID | 391 |
Alias(es) | CVE-2020-13802 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2020-12-03 23:27:39 -0600 |
Modified | 2020-12-03 23:27:39 -0600 |
Status | UNCONFIRMED |
Version | 1.0-RC1 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Package(s) | user/erl-rebar3 |
URL | https://nvd.nist.gov/vuln/detail/CVE-2020-13802 |
Description
CVE-2020-13802: Fixed in >= 3.14.0 https://github.com/erlang/rebar3/commit/2e2d1a6bb141a969b6483e082a2afd361fc2ece2