—

PYSEC-2021-353

Details

furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / openvpn-monitor

Introduced in: 0

No fixed version published yet for openvpn-monitor (pip). Pin to a known-safe version or switch to an alternative.

References

http://packetstormsecurity.com/files/164278/OpenVPN-Monitor-1.1.3-Command-Injection.html [WEB]
https://github.com/furlongm/openvpn-monitor/releases [WEB]
https://github.com/advisories/GHSA-4258-vcjw-wwxx [ADVISORY]