Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary code execution via configuration file in Miller
Vulnerability Description
In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc` file in the working directory. See linked GitHub Security Advisory for complete details. A fix is ready and will be released as Miller 5.9.1.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Miller 代码问题漏洞
Vulnerability Description
Miller是开源的一个处理数据格式的工具。 Miller 5.9.0版本中存在代码问题漏洞,该漏洞允许攻击者通过在目录中存放恶意的.mlrrc文件来使Miller运行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A