VDB

GSD-2017-11610

GSD-2017-11610 PUBLISHED

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.

Affected Products

VendorProductVersions
n/an/a*

Timeline

  • Sep 6, 2011 CVE Published
  • Sep 25, 2017 PoC Published
  • May 29, 2018 PoC Published
  • Oct 9, 2020 PoC Published
  • Dec 14, 2024 PoC Published
  • Dec 15, 2024 PoC Published
  • Dec 25, 2024 PoC Published
  • Dec 26, 2024 PoC Published
  • Dec 28, 2024 PoC Published
  • Dec 30, 2024 PoC Published
  • Jan 3, 2025 PoC Published
  • Jan 6, 2025 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›