{"id":"CVE-2015-9059","details":"picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely.","modified":"2026-04-10T03:45:38.135236Z","published":"2017-05-28T00:29:00Z","references":[{"type":"ADVISORY","url":"https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1"},{"type":"FIX","url":"https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00030.html"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}