{"id":"PYSEC-2017-153","details":"lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands.","aliases":["CVE-2016-6902"],"modified":"2026-07-13T07:15:26.493678053Z","published":"2017-04-24T19:59:00.330Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/92591"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/08/22/17"},{"type":"FIX","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834949"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1369345"},{"type":"FIX","url":"https://github.com/ghantoos/lshell/commit/a686f71732a3d0f16df52ef46ab8a49ee0083c68"},{"type":"FIX","url":"https://github.com/ghantoos/lshell/issues/147"}],"affected":[{"package":{"name":"limited-shell","ecosystem":"PyPI","purl":"pkg:pypi/limited-shell"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"0.9.16"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/limited-shell/PYSEC-2017-153.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}