CVE-2020-15591

Description

fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution).

How to fix CVE-2020-15591

To remediate CVE-2020-15591, upgrade the affected package to a fixed version below.

• Debian/fex—upgrade to 20160919-2 or later

Is CVE-2020-15591 being exploited?

Moderate — EPSS is 5.3%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 20160919-2

CVSS scores

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2020-15591