GNU Guile, an implementation of the Scheme language, provides a "REPL server" which is a command prompt that developers can connect to for live coding and debugging purposes. The REPL server is started by the '--listen' command-line option or equivalent API.
It was reported that the REPL server is vulnerable to the HTTP inter-protocol attack.
This constitutes a remote code execution vulnerability for developers running a REPL server that listens on a loopback device or private network. Applications that do not run a REPL server, as is usually the case, are unaffected.
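An added example (not from this bug report or the Guile project): a Python audit helper that scans process command lines for Guile started with '--listen' and separates TCP listeners from Unix-domain socket ones. The default port 37146 and the port/path reading of the option value are taken from the Guile manual rather than this page; the process listing is constructed sample data, and REPL servers started through the API do not show up this way.

```python
import os
import re

DEFAULT_PORT = 37146  # port Guile uses for a bare --listen (per the Guile manual)

def classify_listen(argv):
    """Return (kind, endpoint) for a Guile command line that uses --listen, else None."""
    if not argv or not os.path.basename(argv[0]).startswith("guile"):
        return None
    for arg in argv[1:]:
        if arg == "--":  # Guile stops option processing here
            break
        if arg == "--listen":
            return ("tcp", DEFAULT_PORT)
        if arg.startswith("--listen="):
            value = arg.split("=", 1)[1]
            if value.startswith("/"):  # file name of a Unix-domain socket
                return ("unix", value)
            digits = re.match(r"\d+", value)
            if digits:  # a value starting with a number is a local port
                return ("tcp", int(digits.group()))
            return ("unknown", value)
    # Note: a --listen placed after a script name is a script argument, so this
    # check can over-report; for an audit that is the conservative direction.
    return None

def audit(ps_text):
    """Parse `ps -eo pid=,args=` style text into [(pid, kind, endpoint), ...]."""
    findings = []
    for line in ps_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or not fields[0].isdigit():
            continue
        hit = classify_listen(fields[1:])
        if hit:
            findings.append((int(fields[0]), *hit))
    return findings

def tcp_listeners(findings):
    """PIDs whose REPL server is on a TCP port, the case the report describes."""
    return [pid for pid, kind, _ in findings if kind == "tcp"]

# Constructed sample process listing (not real output).
SAMPLE_PS = """\
  812 /usr/bin/guile --listen app.scm
  944 guile --listen=7000 -l init.scm
 1020 /usr/bin/guile2.2 --listen=/run/user/1000/guile.sock
 1187 guile --no-auto-compile batch.scm
 1301 /usr/bin/python3 server.py --listen=8080
"""

if __name__ == "__main__":
    for pid, kind, endpoint in audit(SAMPLE_PS):
        print(pid, kind, endpoint)
```

On a live host, feed `audit()` the output of `ps -eo pid=,args=` instead of the sample text.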
Created compat-guile18 tracking bugs for this issue:
Affects: fedora-all [bug 1383974]
Affects: epel-7 [bug 1383975]
Created guile tracking bugs for this issue:
Affects: fedora-all [bug 1383973]
It seems the repl server was added in guile-2.0, so the compat-guile18 packages shouldn't be affected.
Red Hat Product Security has rated this issue as having Moderate security
impact. This issue is not currently planned to be addressed in future
updates. For additional information, refer to the Issue Severity