Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an __import__('os').popen('whoami').read() line. NOTE: the vendor's position is that the product is "vulnerable by design" and the current behavior will be retained
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SageMath Sage Cell Server 操作系统命令注入漏洞
Vulnerability Description
SageMath Sage Cell Server是一款Cell服务器,它能够提供将Sage计算嵌入到网页中的方法。 SageMath Sage Cell Server 2019-10-05及之前版本中存在安全漏洞。攻击者可利用该漏洞在底层操作系统上执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A