Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access this environment variable is not enabled in the shipped product
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Metview 安全漏洞
Vulnerability Description
Metview是一款开源的气象分析应用程序。该程序能够从多种来源获取数据并进行气象分析。 Metview 4.7.3版本中的etc/ObjectList存在安全漏洞,该漏洞源于程序在启动程序之前,没有验证字符串。远程攻击者可借助特制的URL利用该漏洞实施参数注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A