shadowsocks/shadowsocks-libev

Releases86

Frequency1 month 3 weeks

Last Release 4 months ago

Stars16.2K

Bug-fix-only libev port of shadowsocks. Future development moved to shadowsocks-rust

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2017-15924 ↗	Oct 27, 2017Friday, 27 October 2017, 16:29	—	7.2 HIGH
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions.