{"id":"CVE-2017-10708","details":"An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file.","modified":"2026-03-14T09:23:44.937804Z","published":"2017-07-18T20:29:00.200Z","references":[{"type":"ADVISORY","url":"https://launchpad.net/bugs/1700573"},{"type":"ADVISORY","url":"https://launchpad.net/ubuntu/+source/apport/+changelog"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.20.6"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-10708.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}