CVE-2014-1216
Improper Neutralization of Special Elements used in a Command in FitNesse Wiki
EPSS 3.9%
Description
FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.
How to fix CVE-2014-1216
To remediate CVE-2014-1216, upgrade the affected package to the fixed version listed below.
- Maven/org.fitnesse:fitnesse: upgrade to 20140418 or later
Is CVE-2014-1216 being exploited?
Low — EPSS is 3.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Maven/org.fitnesse:fitnesse: >= 20131110, < 20140418