Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Shell Command Execution in lookatme
Vulnerability Description
In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. As a workaround, the `lookatme/contrib/terminal.py` and `lookatme/contrib/file_loader.py` files may be manually deleted. Additionally, it is always recommended to be aware of what is being rendered with lookatme.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
lookatme 操作系统命令注入漏洞
Vulnerability Description
lookatme是个人开发者的一个基于终端的、可交互式用于markdown演示的 pypi 代码库。 lookatme (python/pypi package) 2.3.0之前版本存在操作系统命令注入漏洞,该漏洞使攻击者可能会在其系统上自动运行恶意的shell命令。
CVSS Information
N/A
Vulnerability Type
N/A