This issue was addressed by disabling arbitrary code execution through per-repository configuration. For more information, see https://github.com/Powerline/powerline-gitstatus/blob/master/CONFIGURATION.md. CVE-2018-12933 An unprivileged user could create a specially crafted file in the user's home directory. When opening this file, a user could be tricked into running commands with the user's privileges. This issue does not affect every user, only a user that has the powerline-file-viewer application installed. This issue was addressed by not loading files from the user's home directory. For more information, see https://github.com/Powerline/powerline-gitstatus/blob/master/FILES.md. CVE-2018-12934 An unprivileged user could create a specially crafted file in the user's home directory. When opening this file, a user could be tricked into running commands with the user's privileges. This issue does not affect every user, only a user that has the powerline-file-viewer application installed. This issue was addressed by not loading files from the user's home directory. For more information, see https://github.com/Powerline/powerline-gitstatus/blob/master/FILES.md. CVE-2018-12935 An unprivileged user could create a specially crafted file in the user's home directory. When opening this
References ^ https://github.com/Powerline/powerline-gitstatus/blob/master/CONFIGURATION.md
^ https://github.com/Powerline/powerline-gitstatus/blob/master/FILES.md
Timeline
Published on: 10/13/2022 03:15:00 UTC
Last modified on: 10/17/2022 13:44:00 UTC