Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
unp 文件名远程任意Shell命令注入漏洞
Vulnerability Description
unp是用于在Debian平台下使用的压缩解压文档的perl脚本。 unp处理文件名时存在漏洞,本地攻击者可能利用此漏洞通过诱使用户执行特定操作来提升权限。 unp没有正确地转义文件名,如果执行以下操作的话: touch empty zip \`ls\`.zip empty unp \`ls\`.zip 就会给出目录列表。这意味着任何使用unp进行解压的应用程序都受基于文件名的命令注入攻击的影响。
CVSS Information
N/A
Vulnerability Type
N/A