{"id":"USN-2771-1","summary":"click vulnerability","details":"It was discovered that click did not properly perform input sanitization\nduring click package installation. If a user were tricked into installing a\ncrafted click package, a remote attacker could exploit this to escalate\nprivileges by tricking click into installing lenient security policy for\nthe installed application.\n","modified":"2026-04-22T09:16:22.201331Z","published":"2015-10-15T20:08:03Z","related":["UBUNTU-CVE-2015-8768"],"upstream":["CVE-2015-8768","UBUNTU-CVE-2015-8768"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2771-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-8768"},{"type":"REPORT","url":"https://launchpad.net/bugs/1506467"}],"affected":[{"package":{"name":"click","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/click@0.4.21.1ubuntu0.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.4.21.1ubuntu0.2"}]}],"versions":["0.4.11","0.4.12","0.4.13","0.4.14","0.4.15","0.4.16","0.4.17.2","0.4.18.1","0.4.18.3","0.4.19","0.4.20","0.4.21.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"click","binary_version":"0.4.21.1ubuntu0.2"},{"binary_name":"gir1.2-click-0.4","binary_version":"0.4.21.1ubuntu0.2"},{"binary_name":"libclick-0.4-0","binary_version":"0.4.21.1ubuntu0.2"},{"binary_name":"packagekit-plugin-click","binary_version":"0.4.21.1ubuntu0.2"},{"binary_name":"python3-click","binary_version":"0.4.21.1ubuntu0.2"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"critical"}],"id":"CVE-2015-8768"}],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2771-1.json"}}],"schema_version":"1.7.5"}