Posted by Dirk-Willem van Gulik on Apr 03
ninka license identification tool
insufficient escaping of external input
CVE-2017-7239 / CVSS 9.3
1.06
The ninka license identification tool does not properly escape
special characters in the files it encounters – such as the ‘&’.
In the case of alien code bases, or a code base that is brought in for
examination, a third party may doctor the file names so as to cause
a…
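An added example, not part of the original post and not ninka's own code: it shows how a file name containing '&' is split when pasted unquoted into a command line, next to the quoted form, and lists which names in a tree need escaping. It assumes the file name ends up on a POSIX shell command line; the function names, the metacharacter list and the sample tree are constructed for illustration.

```python
import shlex

# Characters a POSIX shell interprets when unquoted (constructed list for this example).
SHELL_META = set("&;|<>()$`\\\"'*?[]{}~!# \t\n")


def shell_tokens(command):
    """Split a command line the way a POSIX shell would see it, without running it."""
    return list(shlex.shlex(command, posix=True, punctuation_chars=True))


def naive_command(tool, path):
    """The flawed pattern: the file name is pasted into the command line as-is."""
    return f"{tool} {path}"


def quoted_command(tool, path):
    """The corrected pattern: the file name is quoted as one shell word."""
    return f"{tool} {shlex.quote(path)}"


def risky_names(paths):
    """Return the names that need escaping before they may reach a shell."""
    return [p for p in paths if SHELL_META & set(p)]


# Constructed sample: file names as they might appear in a code base under examination.
SAMPLE_TREE = ["src/main.c", "src/a&b.c", "docs/README"]

if __name__ == "__main__":
    for name in risky_names(SAMPLE_TREE):
        print("needs escaping:", name)
        print("  unquoted:", shell_tokens(naive_command("ninka", name)))
        print("  quoted:  ", shell_tokens(quoted_command("ninka", name)))
```

Passing the file name as its own argument-vector element, with no shell involved, avoids the quoting question altogether.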