Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/159027/Rebar3-3.13.2-Command-Injection.html | Exploit Third Party Advisory VDB Entry |
https://github.com/vulnbe/poc-rebar3.git | Third Party Advisory |
https://vuln.be/post/rebar3-command-injection/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-09-02 10:15
Updated : 2021-07-21 04:39
NVD link : CVE-2020-13802
Mitre link : CVE-2020-13802
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
erlang
- rebar3