Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Canto Curses 远程命令注入漏洞
Vulnerability Description
Canto是美国软件开发者Jack Miller所研发的一款基于ncurses(一个用于编写独立于终端的基于文本的用户界面的库)和feedparser(一个基于Java的RSS/Atom解析器)的RSS/ATOM新闻阅读器。Canto Curses是Canto守护进程的一个前端。 Canto Curses 0.9.0之前版本的canto_curses/guibase.py文件中存在安全漏洞。远程攻击者可借助URL中的shell元字符利用该漏洞执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A