{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200673?format=json","vulnerability_id":"VCID-8t41-uqbt-a7c3","summary":"mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script.  NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as \"get\" which could overwrite executable files.","aliases":[{"alias":"CVE-2007-2348"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50827?format=json","purl":"pkg:deb/debian/lftp@3.5.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lftp@3.5.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1080748?format=json","purl":"pkg:deb/debian/lftp@3.7.3-1%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j23j-8dg5-t3fx"},{"vulnerability":"VCID-nmnk-ewwp-4qbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lftp@3.7.3-1%252Blenny1"},{"url":"http://public2.vulnerablecode.io/api/packages/50816?format=json","purl":"pkg:deb/debian/lftp@4.8.4-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lftp@4.8.4-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/50811?format=json","purl":"pkg:deb/debian/lftp@4.9.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lftp@4.9.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/50822?format=json","purl":"pkg:deb/debian/lftp@4.9.2-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lftp@4.9.2-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/50819?format=json","purl":"pkg:deb/debian/lftp@4.9.3-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lftp@4.9.3-1.1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1080742?format=json","purl":"pkg:deb/debian/lftp@1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73qw-hv57-7ka5"},{"vulnerability":"VCID-8t41-uqbt-a7c3"},{"vulnerability":"VCID-j23j-8dg5-t3fx"},{"vulnerability":"VCID-nmnk-ewwp-4qbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lftp@1.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1080743?format=json","purl":"pkg:deb/debian/lftp@1.1.981023-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73qw-hv57-7ka5"},{"vulnerability":"VCID-8t41-uqbt-a7c3"},{"vulnerability":"VCID-j23j-8dg5-t3fx"},{"vulnerability":"VCID-nmnk-ewwp-4qbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lftp@1.1.981023-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1080744?format=json","purl":"pkg:deb/debian/lftp@2.1.10-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73qw-hv57-7ka5"},{"vulnerability":"VCID-8t41-uqbt-a7c3"},{"vulnerability":"VCID-j23j-8dg5-t3fx"},{"vulnerability":"VCID-nmnk-ewwp-4qbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lftp@2.1.10-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1080745?format=json","purl":"pkg:deb/debian/lftp@2.4.9-1woody2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73qw-hv57-7ka5"},{"vulnerability":"VCID-8t41-uqbt-a7c3"},{"vulnerability":"VCID-j23j-8dg5-t3fx"},{"vulnerability":"VCID-nmnk-ewwp-4qbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lftp@2.4.9-1woody2"},{"url":"http://public2.vulnerablecode.io/api/packages/1080746?format=json","purl":"pkg:deb/debian/lftp@3.1.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8t41-uqbt-a7c3"},{"vulnerability":"VCID-j23j-8dg5-t3fx"},{"vulnerability":"VCID-nmnk-ewwp-4qbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lftp@3.1.3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1080747?format=json","purl":"pkg:deb/debian/lftp@3.5.6-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8t41-uqbt-a7c3"},{"vulnerability":"VCID-j23j-8dg5-t3fx"},{"vulnerability":"VCID-nmnk-ewwp-4qbg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lftp@3.5.6-1"},{"url":"http://public2.vulnerablecode.io/api/packages/370746?format=json","purl":"pkg:rpm/redhat/lftp@3.7.11-4?arch=el5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8t41-uqbt-a7c3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/lftp@3.7.11-4%3Farch=el5"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2348.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2348.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2348","reference_id":"","reference_type":"","scores":[{"value":"0.05138","scoring_system":"epss","scoring_elements":"0.90081","published_at":"2026-06-11T12:55:00Z"},{"value":"0.05138","scoring_system":"epss","scoring_elements":"0.90112","published_at":"2026-06-12T12:55:00Z"},{"value":"0.05138","scoring_system":"epss","scoring_elements":"0.9012","published_at":"2026-06-13T12:55:00Z"},{"value":"0.05138","scoring_system":"epss","scoring_elements":"0.90118","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2348"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2348","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2348"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=236238","reference_id":"236238","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=236238"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1278","reference_id":"RHSA-2009:1278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1278"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8t41-uqbt-a7c3"}