Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
KDE kio和kdelibs 安全漏洞
Vulnerability Description
KDE kio是一个包含在KDE Frameworks 5和KDE Software Compilation 4中的系统库。kdelibs是一个用于在Qt框架上创建和开发KDE软件的库。 KDE kio 5.32之前的版本和kdelibs 4.14.30之前的版本中的kpac/script.cpp文件存在安全漏洞,该漏洞源于程序使用完整的https URL(包括基本的身份验证证书、查询字符串或PATH_INFO)调用‘PAC FindProxyForURL’函数。远程攻击者可借助特制的PAC文件利用该漏洞
CVSS Information
N/A
Vulnerability Type
N/A