Midnight-Commander: >> Midnight Commander >> 4.8.5 Security Vulnerabilities
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.
CVSS Score
7.5
EPSS Score
0.005
Published
2021-08-30
Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name.
CVSS Score
5.1
EPSS Score
0.006
Published
2012-10-10