{"id":"CVE-2016-6902","details":"lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands.","aliases":["PYSEC-2017-153"],"modified":"2026-07-13T07:26:57.977294632Z","published":"2017-04-24T19:59:00.330Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/92591"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/08/22/17"},{"type":"FIX","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834949"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1369345"},{"type":"FIX","url":"https://github.com/ghantoos/lshell/commit/a686f71732a3d0f16df52ef46ab8a49ee0083c68"},{"type":"FIX","url":"https://github.com/ghantoos/lshell/issues/147"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ghantoos/lshell","events":[{"introduced":"73ebe9c7bf103c2c1b49bdaeeb52683de30f4098"},{"last_affected":"73ebe9c7bf103c2c1b49bdaeeb52683de30f4098"},{"fixed":"a686f71732a3d0f16df52ef46ab8a49ee0083c68"}],"database_specific":{"source":["CPE_STRING","REFERENCES"],"extracted_events":[{"introduced":"0.9.16"},{"last_affected":"0.9.16"}],"cpe":"cpe:2.3:a:lshell_project:lshell:0.9.16:*:*:*:*:*:*:*"}}],"versions":["0.9.16","0.9.18","0.9.17"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6902.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}