Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Inkdrop 操作系统命令注入漏洞
Vulnerability Description
Inkdrop是日本Takuya个人开发者的一个带有强大 Markdown 编辑器的笔记应用程序。 Inkdrop 存在操作系统命令注入漏洞,该漏洞源于iframe中不正确的输入验证。攻击者可利用该漏洞将专门设计的数据传递给应用程序,并在目标系统上执行任意的操作系统命令。以下产品及版本受到影响:Inkdrop: 5.0.0、5.0.1、5.1.0、5.1.1、5.1.2、5.2.0、5.2.1、5.3.0。
CVSS Information
N/A
Vulnerability Type
N/A