CVE-2017-9274

Summary

A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.

Affected Software

VendorProductVersion RangeStatus
SUSEobs-service-source_validatorunspecified < 0.7affected

Weaknesses

  • Shell code injection due to insufficient escaping of RPM spec file macros.
  • CWE-78: CWE-78

ADP Enrichment

CVE Program Container

Additional References

References