Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPI). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPI. The configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPI.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
Uncontrolled Search Path Element
Vulnerability Title
Antilles code issue vulnerability
Vulnerability Description
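Lenovo Antilles is open-source infrastructure management software for high-performance computing (HPC) from the Chinese company Lenovo. It provides cluster management and monitoring, job scheduling and management, cluster user management, account management, and file system management. Versions of the Antilles open-source software prior to 1.0.1 contain a security vulnerability that stems from a package listed in requirements.txt not existing in the public package index (PyPI). An attacker can exploit this vulnerability to execute code remotely during installation.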
CVSS Information
N/A
Vulnerability Type
N/A
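The condition in the description above (a privately built dependency that pip is still allowed to look up on a public index) can be checked in a requirements file before installation. The following is an added example, not code from the Antilles project: the index URL `pkgs.example.internal`, the package names and the function `exposed_internal_packages` are assumptions, and only options written in the requirements file itself are examined (not pip.conf or environment variables).

```python
import re
from urllib.parse import urlparse

PUBLIC_HOSTS = {"pypi.org", "pypi.python.org"}
DEFAULT_INDEX = "https://pypi.org/simple"  # used by pip when no index is configured

# Constructed samples; not the Antilles project's real requirements.txt.
SAMPLE_MIXED = """\
--index-url https://pkgs.example.internal/simple
--extra-index-url https://pypi.org/simple
internal-tools==1.0.0
requests==2.31.0
Internal_Helper>=0.3  # private helper
"""
SAMPLE_PRIVATE_ONLY = """\
--index-url https://pkgs.example.internal/simple
internal-tools==1.0.0
"""

def normalize(name):
    """PEP 503 normalization: 'Internal_Helper' and 'internal-helper' are one project."""
    return re.sub(r"[-_.]+", "-", name).lower()

def exposed_internal_packages(requirements_text, internal_names):
    """Return internal package names that pip may resolve from a public index."""
    internal = {normalize(n) for n in internal_names}
    primary, extras, no_index, required = DEFAULT_INDEX, [], False, set()
    for raw in requirements_text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        if not line:
            continue
        opt = re.match(r"(-i|--index-url|--extra-index-url)[=\s]+(\S+)", line)
        if opt and opt.group(1) == "--extra-index-url":
            extras.append(opt.group(2))   # searched in addition to the primary index
        elif opt:
            primary = opt.group(2)        # replaces the default public index
        elif line == "--no-index":
            no_index = True               # pip ignores every package index
        elif not line.startswith("-"):
            m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
            if m:
                required.add(normalize(m.group(0)))
    if no_index:
        return []
    public = any(urlparse(u).hostname in PUBLIC_HOSTS for u in [primary] + extras)
    return sorted(required & internal) if public else []

if __name__ == "__main__":
    print(exposed_internal_packages(SAMPLE_MIXED, ["internal_tools", "internal-helper"]))
```

A non-empty result means an internally built name can be satisfied by a same-named public upload, which is the situation the fix removes by installing only from the project's own index.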