obs-service-source_validator (SUSE:Linux Enterprise Software Development Kit 12 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Software Development Kit 12 SP3 package obs-service-source_validator, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2017-14804 — CVSS 9.9 (critical): The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write…
CVE-2017-9274 — CVSS 7.8 (high): A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM…
CVE-2010-4226 — CVSS 7.2 (high): cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a…