FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

acme.sh -- closes potential remote vuln

Affected packages
		acme.sh	<	3.0.6

Details

VuXML ID	fdca9418-06f0-11ee-abe2-ecf4bbefc954
Discovery	2023-06-08
Entry	2023-06-09

Neil Pang reports:

HiCA was injecting arbitrary code/commands into the certificate obtaining process and acme.sh is running them on the client machine.

[source]

References

URL	https://github.com/acmesh-official/acme.sh/issues/4665

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.