acme.sh remote code execution vulnerability

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Miroslav Lachman <000.fbsd_at_quip.cz>
Date: Fri, 09 Jun 2023 19:41:49 UTC

As far as I know FreeBSD uses acme.sh for Let's Encrypt certificates.
It was discovered yesterday there is a remote code execution 
vulnerability mainly used by HiCA.
https://github.com/acmesh-official/acme.sh/issues/4659

It is recommended to upgrade acme.sh (fixed today) and mark acme.sh 
vulnerable in VuXML database.

Kind regards
Miroslav Lachman