Shellinabox Project Shellinabox — known CVE vulnerabilities
Every CVE whose affected-product data names Shellinabox Project Shellinabox, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2018-16789 — CVSS 7.5 (high): libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted…
CVE-2015-8400 — CVSS 7.4 (high): The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS…