SQL Injection in Debian Lintian

CVE-2009-4015

Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.

Vulnerability class: SQL Injection

EPSS: 0.039 (89.0th percentile) — read the EPSS interpretation.

Affected products

  • Debian Lintian — versions 1.24.0, 1.23.22, 1.23.8
  • N/a — versions n/a

Weakness classification (CWE)

References