Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
New line injection during configuration edition
Vulnerability Description
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving `UpdateConfigCommandHandler` and preventing the use of new lines characters in new configuration values. As a workaround, only allow trusted source IP addresses to access to the administration dashboard.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对CRLF序列的转义处理不恰当(CRLF注入)
Vulnerability Title
Cachet 注入漏洞
Vulnerability Description
Github Cachet是一个应用软件。一个开源状态页面系统。 Cachet 存在注入漏洞,该漏洞源于在 2.5.1 版本之前,经过身份验证的用户,无论其权限如何(用户或管理员),都可以利用配置版本功能(例如邮件设置)中的新行注入并在服务器上获得任意代码执行。
CVSS Information
N/A
Vulnerability Type
N/A