{"id":"PYSEC-2017-154","details":"lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands.","aliases":["CVE-2016-6903"],"modified":"2026-07-13T07:15:26.803491504Z","published":"2017-04-24T19:59:00.377Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/92591"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/08/22/17"},{"type":"FIX","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834946"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1369345"},{"type":"FIX","url":"https://github.com/ghantoos/lshell/commit/e72dfcd1f258193f9aaea3591ecbdaed207661a0"},{"type":"FIX","url":"https://github.com/ghantoos/lshell/issues/149"},{"type":"FIX","url":"https://github.com/ghantoos/lshell/pull/153/commits/a686f71732a3d0f16df52ef46ab8a49ee0083c68"}],"affected":[{"package":{"name":"limited-shell","ecosystem":"PyPI","purl":"pkg:pypi/limited-shell"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"0.9.16"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/limited-shell/PYSEC-2017-154.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}