Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. The responsible code is getExtensionIdForOpcode in serialization/sb3.js. The use of _ is incompatible with a protection mechanism in older versions, in which URLs were split and consequently deserialization attacks were prevented. NOTE: the scratch.mit.edu hosted service is not affected because of the lack of worker scripts.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MIT Lifelong Kindergarten Scratch scratch-vm 代码问题漏洞
Vulnerability Description
MIT Lifelong Kindergarten Scratch scratch-vm是美国麻省理工学院(MIT)的一款基于块的视觉编程语言。 MIT Lifelong Kindergarten Scratch scratch-vm 0.2.0-prerelease.20200714185213之前版本中存在安全漏洞。攻击者可利用该漏洞执行代码。
CVSS Information
N/A
Vulnerability Type
N/A