CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38173
https://notcve.org/view.php?id=CVE-2021-38173
Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys. Btrbk versiones anteriores a 0.31.2, permite una ejecución de comandos debido a un manejo inapropiado de los hosts remotos que filtran los comandos SSH usando el archivo ssh_filter_btrbk.sh en la función authorized_keys • https://github.com/digint/btrbk/blob/master/ChangeLog https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 https://lists.debian.org/debian-lts-announce/2021/09/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP2T32JMENJFRP2HWXR7FTTZVRTTPECL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM7GLTUN5YS4KE2RNBX732EAMVVGNEX3 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •