Vulnerability in Fedora Modularity Modulemd

CVE-2017-1002157

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.

EPSS: 0.014 (80.6th percentile) — read the EPSS interpretation.

Affected products

Fedora Modularity Modulemd — versions unspecified

Weakness classification (CWE)

CWE-242

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

pagure.io/modulemd/issue/55 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2017-1002157?: CVE-2017-1002157 is a vulnerability in Fedora Modularity Modulemd, classified under CWE-242. Published 2019-01-10.
Is CVE-2017-1002157 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.