Candidate: CVE-2019-17400
PublicDate: 2019-10-21 23:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17400
 https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/
 https://github.com/unoconv/unoconv/pull/510
Description:
 The unoconv package before 0.9 mishandles untrusted pathnames, leading to
 SSRF and local file inclusion.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_unoconv:
upstream_unoconv: released (0.7-2)
precise/esm_unoconv: DNE
trusty_unoconv: ignored (out of standard support)
trusty/esm_unoconv: needed
xenial_unoconv: ignored (end of standard support, was needed)
bionic_unoconv: needed
disco_unoconv: ignored (reached end-of-life)
eoan_unoconv: ignored (reached end-of-life)
focal_unoconv: not-affected (0.7-2)
groovy_unoconv: not-affected (0.7-2)
hirsute_unoconv: not-affected (0.7-2)
impish_unoconv: not-affected (0.7-2)
jammy_unoconv: not-affected (0.7-2)
devel_unoconv: not-affected (0.7-2)