oss-sec mailing list archives
Remote code execution in horde < 5.1.1
From: Pedro Ribeiro <pedrib () gmail com>
Date: Tue, 28 Jan 2014 10:10:19 +0000
Hi, There is a remote code execution bug in horde affecting all versions from at least horde 3.1.x to 5.1.1. This has been fixed in commit https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3 Also check changelog https://github.com/horde/horde/blob/82c400788537cfc0106b68447789ff53793ac086/bundles/groupware/docs/CHANGES#L215 Can you please assign a CVE for this issue? Thanks in advance. PS: while I discovered this bug independently reviewing horde3 code, the full credit should go to the horde maintainers as they discovered and fixed it first on horde5. Regards Pedro
Current thread:
- Remote code execution in horde < 5.1.1 Pedro Ribeiro (Jan 28)
- Re: Remote code execution in horde < 5.1.1 cve-assign (Jan 28)
- Re: Remote code execution in horde < 5.1.1 Murray McAllister (Jan 28)
- Re: Remote code execution in horde < 5.1.1 Murray McAllister (Jan 28)
- Re: Remote code execution in horde < 5.1.1 Jan Schneider (Jan 29)
- Re: Remote code execution in horde < 5.1.1 Murray McAllister (Jan 28)