{"id":"CVE-2008-3907","details":"The open-in-browser command in newsbeuter before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a feed URL.","modified":"2024-04-11T07:40:47Z","published":"2008-09-04T17:41:00Z","withdrawn":"2024-06-30T13:40:11.154660Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/31676"},{"type":"ADVISORY","url":"http://secunia.com/advisories/31995"},{"type":"ADVISORY","url":"http://security.gentoo.org/glsa/glsa-200809-12.xml"},{"type":"WEB","url":"http://newsbeuter.wordpress.com/2008/09/01/newsbeuter-11-released-contains-security-fix-please-upgrade/"},{"type":"WEB","url":"http://www.newsbeuter.org/downloads/CHANGES"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2008/09/01/4"},{"type":"WEB","url":"http://www.securityfocus.com/bid/30964"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44791"}],"affected":[{"package":{"name":"newsbeuter","ecosystem":"Debian:10","purl":"pkg:deb/debian/newsbeuter?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2-1"}]}],"ecosystem_specific":{"urgency":"medium"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2008-3907.json"}}],"schema_version":"1.7.3"}