CVE-2010-2445
EPSS 1.2%
Description
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions.
How to fix CVE-2010-2445
To remediate CVE-2010-2445, upgrade the affected package to a fixed version below.
- Debian/freeciv—upgrade to 2.2.1-1 or later
Is CVE-2010-2445 being exploited?
Low — EPSS is 1.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.2.1-1