Overview
- Description
- Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-78
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux-dash_project:linux-dash:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4FF0A2F6-0329-4C74-A295-143BD9E4F2D8",
"versionEndExcluding": "2.0"
}
],
"operator": "OR"
}
]
}
]