{"id":"CVE-2016-6902","details":"lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands.","modified":"2026-04-16T06:26:26.794687502Z","published":"2017-04-24T19:59:00.330Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/92591"},{"type":"FIX","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834949"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1369345"},{"type":"FIX","url":"https://github.com/ghantoos/lshell/commit/a686f71732a3d0f16df52ef46ab8a49ee0083c68"},{"type":"FIX","url":"https://github.com/ghantoos/lshell/issues/147"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/08/22/17"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ghantoos/lshell","events":[{"introduced":"0"},{"last_affected":"73ebe9c7bf103c2c1b49bdaeeb52683de30f4098"},{"fixed":"a686f71732a3d0f16df52ef46ab8a49ee0083c68"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.9.16"}]}}],"versions":["0.9.15","0.9.15.1","0.9.16","0.9.17","0.9.18"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6902.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}