FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

acme.sh -- closes potential remote vuln

Affected packages
acme.sh < 3.0.6

Details

VuXML ID fdca9418-06f0-11ee-abe2-ecf4bbefc954
Discovery 2023-06-08
Entry 2023-06-09

Neil Pang reports:

HiCA was injecting arbitrary code/commands into the certificate obtaining process and acme.sh is running them on the client machine.

References

URL https://github.com/acmesh-official/acme.sh/issues/4665