Approved changes feed: RSS · Atom
cpe:2.3:a:acme.sh_project:acme.sh:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Acme.Sh Project (6a662101-6504-5aeb-9ec2-c73ead6400cb) |
|---|---|
| Product | Acme.Sh (a9784f9a-f50b-554c-8805-4a14685476e7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-32111 |
vulnerable | 2026-06-03 15:00:40.041533 |
Details available
HIGH (8.7)
The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout.
Published: 2025-04-04T00:00:00.000Z
Updated: 2025-04-04T14:22:55.509Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38198 |
vulnerable | 2026-06-03 14:52:30.579418 |
Details available
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023.
Published: 2023-07-13T00:00:00.000Z
Updated: 2025-02-13T17:01:47.598Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.