Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-17523.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
LilyPond lilypond-invoke-editor 参数注入漏洞
Vulnerability Description
LilyPond是一套开源的音频编辑软件。lilypond-invoke-editor是其中的一个用于调用编辑器的工具。 LilyPond 2.19.80版本中的lilypond-invoke-editor存在安全漏洞,该漏洞源于程序在启动由BROWSER环境变量指定的程序之前,没有验证字符串。远程攻击者可借助特制的URL利用该漏洞实施参数注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A