CVE-2019-13624

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1100%

EPSS Percentile38.17th

PublishedJul 17, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.

Affected Platforms (CPE)

📦

Onosproject

Onos

= 1.15.0

References & Advisories

🔗 https://gerrit.onosproject.org/#/c/20767/

Related Vulnerabilities

CVE-2018-10006169.8

ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\m...

CVE-2019-10102459.8

The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A rem...

CVE-2018-10006149.8

ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/...

CVE-2019-10102349.8

The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely ex...