View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2014-8517 severity moderate: SUSE including 5 source package names (tnftp-20151004-1.3, tnftp-20151004-bp153.1.16, tnftp-20151004-bp154.2.20, tnftp-20151004-lp150.1.9, tnftp-20151004-lp152.3.8), 5 product×package rows across 5 product lines (openSUSE Leap 15.0, openSUSE Leap 15.2, … (5 product lines)): Fixed 5.
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.