Candidate: CVE-2020-11722
PublicDate: 2020-04-12 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11722
 https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html
 https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04
 https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28
Description:
 Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote
 attackers to execute arbitrary code via Lua bytecode embedded in an
 uploaded .crawlrc file.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_crawl:
upstream_crawl: needs-triage
precise/esm_crawl: DNE
trusty_crawl: ignored (out of standard support)
trusty/esm_crawl: DNE
xenial_crawl: ignored (end of standard support, was needs-triage)
bionic_crawl: needs-triage
eoan_crawl: ignored (reached end-of-life)
focal_crawl: needs-triage
groovy_crawl: not-affected (2:0.25.0-1)
hirsute_crawl: not-affected (2:0.25.0-1)
impish_crawl: not-affected (2:0.25.0-1)
jammy_crawl: not-affected (2:0.25.0-1)
devel_crawl: not-affected (2:0.25.0-1)