FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

shadowsocks-libev -- command injection via shell metacharacters

Affected packages
3.1.0 <= shadowsocks-libev < 3.1.1

Details

VuXML ID 3746de31-0a1a-11e8-83e7-485b3931c969
Discovery 2017-10-27
Entry 2018-02-05

MITRE reports:

Improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic.

References

URL https://nvd.nist.gov/vuln/detail/CVE-2017-15924