CVE-2004-0180
cvs - several vulnerabilities
EPSS 4.2%
Description
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.
How to fix CVE-2004-0180
To remediate CVE-2004-0180, upgrade the affected package to one of the fixed versions listed below.
- Debian/cvs—upgrade to 1:1.12.5-4 or later
- Debian/cvs—upgrade to 1.11.1p1debian-9woody2 or later
Is CVE-2004-0180 being exploited?
Low: EPSS (the estimated probability of exploitation activity in the next 30 days) is 4.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/cvs: from 0, < 1:1.12.5-4
- Debian/cvs: from 0, < 1.11.1p1debian-9woody2