CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 4CVE-2019-17080 – mintinstall 7.9.9 - Code Execution
https://notcve.org/view.php?id=CVE-2019-17080
mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code execution if a REVIEWS_CACHE file is controlled by an attacker, because an unpickle occurs. This is resolved in 8.0.0 and backports. mintinstall (también se conoce como Software Manager) versión 7.9.9 para Linux Mint, permite la ejecución de código si un atacante controla un archivo de REVIEWS_CACHE, ya que se produce un unpickle. Esto se resuelve en 8.0.0 y backports. mintinstall version 7.9.9 suffers from an object injection vulnerability. • https://www.exploit-db.com/exploits/47457 http://packetstormsecurity.com/files/154722/mintinstall-7.9.9-Code-Execution.html https://forums.linuxmint.com/viewtopic.php?f=143&t=302960 https://github.com/Andhrimnirr/Mintinstall-object-injection https://github.com/linuxmint/mintinstall/blob/master/debian/changelog • CWE-502: Deserialization of Untrusted Data •