CVE-2017-15924 – Debian Security Advisory 4009-1

https://notcve.org/view.php?id=CVE-2017-15924

27 Oct 2017 — In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions. En manager.c en ss-manager en shadowsocks-libev 3.1.0, un análisis sintáctico incorrecto permite que se inyecten comandos mediante metacaracteres shell en una petición de configuración JSON recibida mediante tráfico UDP 127.0.0.1. Esto está re... • http://openwall.com/lists/oss-security/2017/10/13/2 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •