CVE-2012-2104
EPSS 4.3%
Description
cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request.
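The defect class in the description, request data written to a log with non-printable characters intact, is handled by encoding those characters before the write and by checking existing logs for raw control bytes. The following Python sketch is an added illustration, not Munin's code or its patch; the function names and the sample request path are constructed for this example.

```python
import re

# C0 controls except tab, DEL, and C1 controls (0x80-0x9f includes 8-bit CSI).
# CR and LF are included so a field cannot forge extra log lines.
_UNSAFE = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")


def sanitize_for_log(value: str) -> str:
    """Render control characters in a request-derived field as visible \\xNN text."""
    # Escape backslashes first so a literal "\x1b" typed by a client stays
    # distinguishable from an encoded ESC byte in the log.
    value = value.replace("\\", "\\\\")
    return _UNSAFE.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def find_raw_controls(log_bytes: bytes) -> list:
    """Return (line_number, offset, byte) for raw control bytes already in a log."""
    hits = []
    for lineno, line in enumerate(log_bytes.split(b"\n"), start=1):
        for offset, byte in enumerate(line):
            # Only C0 and DEL are checked on raw bytes: 0x80-0x9f also occur
            # as UTF-8 continuation bytes and would give false positives.
            if (byte < 0x20 and byte != 0x09) or byte == 0x7F:
                hits.append((lineno, offset, byte))
    return hits


if __name__ == "__main__":
    # Constructed sample: a request path carrying a harmless SGR colour sequence.
    path = "/cgi-bin/munin-cgi-graph/example\x1b[31m.png"
    print(sanitize_for_log(path))

    # Constructed log excerpt: the second line contains a raw ESC byte.
    log = b"GET /graph/a.png ok\nGET /graph/b\x1b[31m.png ok\n"
    for lineno, offset, byte in find_raw_controls(log):
        print("line %d offset %d: raw byte 0x%02x" % (lineno, offset, byte))
```

Reviewing a suspect log with a tool that shows control bytes visibly, such as `cat -v`, avoids having the terminal interpret them.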
How to fix CVE-2012-2104
To remediate CVE-2012-2104, upgrade the affected package to a fixed version listed below.
- Debian/munin—upgrade to 2.0~rc6-1 or later
Is CVE-2012-2104 being exploited?
Low — EPSS is 4.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.0~rc6-1