Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tcHgzLW14MnAtOWd2M84AAemo
Improper Neutralization of Special Elements used in a Command in FitNesse Wiki
FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.
Permalink: https://github.com/advisories/GHSA-mpx3-mx2p-9gv3JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tcHgzLW14MnAtOWd2M84AAemo
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: over 1 year ago
Identifiers: GHSA-mpx3-mx2p-9gv3, CVE-2014-1216
References:
- https://nvd.nist.gov/vuln/detail/CVE-2014-1216
- http://www.exploit-db.com/exploits/32568
- https://github.com/advisories/GHSA-mpx3-mx2p-9gv3
Affected Packages
maven:org.fitnesse:fitnesse
Dependent packages: 82Dependent repositories: 552
Downloads:
Affected Version Ranges: >= 20131110, < 20140418
Fixed in: 20140418
All affected versions:
All unaffected versions: