漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
pacman 操作系统命令注入漏洞
Vulnerability Description
pacman是一款使用在Linux中的软件包管理器。 pacman 5.2之前版本中的conf.c文件的download_with_xfercommand()函数存在操作系统命令注入漏洞。远程攻击者可借助特制请求利用该漏洞在系统上执行任意shell命令。
CVSS Information
N/A
Vulnerability Type
N/A