Vulnerability in SUSE Kiwi
CVE-2011-4195
kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in an image name.
EPSS: 0.013 (80.2th percentile)
Affected products
- Suse Kiwi
- Suse Studio_extension_for_system_z — versions 1.2
- Suse Studio_onsite — versions 1.2
References
- [oss-security] 20111102 kiwi shell meta char injection (mailing-list, x_refsource_MLIST)
- cve@mitre.org (x_refsource_CONFIRM, Exploit, Patch)
- SUSE-SU-2011:1324 (vendor-advisory, x_refsource_SUSE, Vendor Advisory)