Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers unknown file types to the handle_unknown_media() function, which executes xdg-open against the filename specified in the sequence. The use of xdg-open for all unknown file types allows executable file formats with a registered shared MIME type to be executed. An attacker can achieve remote code execution by introducing an executable file and a plain text file containing the control sequence through a fake software project (e.g., in Git or a tarball). When the control sequence is rendered (such as with cat), the executable file will be run.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Terminology 安全漏洞
Vulnerability Description
Terminology是一款EFL(编程语言)终端仿真器。 Terminology 1.3.1之前版本中存在安全漏洞,该漏洞源于程序错误处理popmedia。远程攻击者可利用该漏洞执行代码。
CVSS Information
N/A
Vulnerability Type
N/A