{"id":"CVE-2012-5642","details":"server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content.","modified":"2026-01-27T04:11:26.126283Z","published":"2012-12-31T11:50:27Z","withdrawn":"2026-01-27T04:11:26.126283Z","references":[{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:078"},{"type":"FIX","url":"https://github.com/fail2ban/fail2ban/commit/83109bc"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=887914"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00001.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00002.html"},{"type":"WEB","url":"http://sourceforge.net/mailarchive/message.php?msg_id=30193056"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/12/17/2"},{"type":"WEB","url":"https://bugs.gentoo.org/show_bug.cgi?id=447572"},{"type":"WEB","url":"https://raw.github.com/fail2ban/fail2ban/master/ChangeLog"}],"schema_version":"1.7.3"}