Acme Sh
1 CVEs
product
Monthly
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
RCE
Code Injection
Acme Sh
NVD
GitHub
CVSS 3.1
9.8
EPSS
0.9%
EPSS 1%
CVSS 9.8
CRITICAL
Act Now
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
RCE
Code Injection
Acme Sh
NVD
GitHub