Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command Injection
Vulnerability Description
The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function (when using hg), the url (and/or revision, tag, branch) is passed to the hg clone command in a way that additional flags can be set. The additional flags can be used to perform a command injection.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
cocoapods-downloader 参数注入漏洞
Vulnerability Description
cocoapods-downloader是一个小型库。用于从文件夹中的遥控器下载文件。 cocoapods-downloader 1.6.2之前版本存在安全漏洞,该漏洞源于hg参数存在命令注入。攻击者调用下载函数可以设置附加标志的方式传递给 hg clone 命令利用该漏洞实现执行命令注入。
CVSS Information
N/A
Vulnerability Type
N/A