CVE Vulnerabilities

CVE-2019-3462

Published: Jan 28, 2019 | Modified: Nov 21, 2024
CVSS 3.x
8.1
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
HIGH
root.io logo minimus.io logo echo.ai logo

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.

Affected Software

NameVendorStart VersionEnd Version
Advanced_package_toolDebian*1.2.30 (excluding)
Advanced_package_toolDebian1.3 (including)1.4.8 (including)
AptUbuntubionic*
AptUbuntucosmic*
AptUbuntudevel*
AptUbuntuesm-infra-legacy/trusty*
AptUbuntuesm-infra-legacy/xenial*
AptUbuntuesm-infra/bionic*
AptUbuntuesm-infra/xenial*
AptUbuntutrusty*
AptUbuntutrusty/esm*
AptUbuntuxenial*

References