CVE-2017-1002153
CVE-2017-1002153
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
06 Oct 2017Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.
Affected products
Koji Project · KojiReferences
https://pagure.io/koji/issue/563