CVE-2017-11610

A vulnerability has been found where an authenticated client can send a
malicious XML-RPC request to supervisord that will run arbitrary shell
commands on the server. The commands will be run as the same user as
supervisord. Depending on how supervisord has been configured, this may be
root.

Supervisor 3.3.3 has been released to fix this vulnerability. The fix
has also been backported to several older versions. All users are advised to
upgrade.

Details:
https://github.com/Supervisor/supervisor/issues/964