Home Packages KEV Critical Insights Jobs Pricing

Loading…

Data from OSV.dev, CISA KEV, and FIRST EPSS.Sync status GitHub

CVE-2008-3907 — newsbeuter - command injection · VulnScope

CVE-2008-3907

newsbeuter - command injection

EPSS 0.73%

Description

The open-in-browser command in newsbeuter before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a feed URL.

How to fix CVE-2008-3907

To remediate CVE-2008-3907, upgrade the affected package to a fixed version below.

Debian/newsbeuter—upgrade to 1.2-1 or later
Debian/newsbeuter—upgrade to 0.9.1-1+lenny2 or later
Debian/newsbeuter—upgrade to 0.9.1-1+lenny3 or later

Is CVE-2008-3907 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 1.2-1
from 0, < 0.9.1-1+lenny2
from 0, < 0.9.1-1+lenny3

References (8)

ADVISORYsecunia.com/advisories/31676
ADVISORYsecunia.com/advisories/31995
ADVISORYsecurity.gentoo.org/glsa/glsa-200809-12.xml
WEBnewsbeuter.wordpress.com/2008/09/01/newsbeuter-11-released-contains-security-fix-please-upgrade/

Metadata

Published: 9/4/2008
Modified: 3/9/2026

Also known as:

DEBIAN-CVE-2008-3907debian
DTSA-164-1other
DTSA-164-2other

WEB

exchange.xforce.ibmcloud.com/vulnerabilities/44791

WEBwww.newsbeuter.org/downloads/CHANGES

WEBwww.openwall.com/lists/oss-security/2008/09/01/4

WEBwww.securityfocus.com/bid/30964

Debian/newsbeuter

Debian/newsbeuter

Debian/newsbeuter