Vulnerability Details CVE-2023-22970
Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 72.0%
CVSS Severity
CVSS v3 Score 7.8
References
- https://github.com/bottlesdevs/Bottles/issues/2463
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N24KI3O3FWGKJSLATY35ZM3CHSABJ6WE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJZEE4RAAK7OPVQNE4BOWUVQDVSZU6NJ/
- https://github.com/bottlesdevs/Bottles/issues/2463
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N24KI3O3FWGKJSLATY35ZM3CHSABJ6WE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJZEE4RAAK7OPVQNE4BOWUVQDVSZU6NJ/
Products affected by CVE-2023-22970
-
cpe:2.3:a:usebottles:bottles:50
-
cpe:2.3:a:usebottles:bottles:50.1
-
cpe:2.3:a:usebottles:bottles:50.2
-
cpe:2.3:o:fedoraproject:fedora:37
-
cpe:2.3:o:fedoraproject:fedora:38