https://docs.python.org/3/library/shlex.html#shlex.quote
A pull request has been made since the author did not respond to e-mail,
Twitter, or IRC.
https://bitbucket.org/birkenfeld/pygments-main/pull-requests/501/fix-shell-injection-in/diff
Regards,
Javantea
___
yone has questions or comments about this or related topics, feel free to
contact me.
Regards,
Javantea
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Remote Code Execution in realms-wiki install.sh
by Javantea
Mar 15, 2015
Product: Realms Wiki
Website: http://realms.io/
GitHub: https://github.com/scragg0x/realms-wiki
CVSS Score: 7.9 (AV:A/AC:M/Au:N/C:C/I:C/A:C)
On line 20 of realms-wiki install.sh, a GPG key that is requested via HTTP is
nce I reported the vulnerability and I have
heard nothing back. Therefore I am using full-disclosure to warn users that
their sites can be CSRFed. I am also posting the remote code execution
vulnerability along with this (which is lower severity due to the difficulty in
exploita