Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insufficient URL encoding flaw in allowed script location check
Vulnerability Description
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
CVSS Information
N/A
Vulnerability Type
对输出编码和转义不恰当
Vulnerability Title
LibreOffice 路径遍历漏洞
Vulnerability Description
LibreOffice是文档基金会(The Document Foundation,TDF)的一套开源的办公软件套件。该产品包含Writer(文本文档)、Calc(电子表格)和Impress(演示文稿)等应用程序。 LibreOffice 6.2.6之前版本中存在安全漏洞。攻击者可利用该漏洞绕过为解决CVE-2018-16858漏洞而添加的安全保护。
CVSS Information
N/A
Vulnerability Type
N/A