Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Control of Generation of Code ('Code Injection') in Azure CLI
Vulnerability Description
Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `&` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Microsoft Azure 操作系统命令注入漏洞
Vulnerability Description
Microsoft Azure是美国微软(Microsoft)公司的一套开放的企业级云计算平台。 Microsoft Azure CLI 2.40.0之前版本存在操作系统命令注入漏洞,该漏洞源于主机运行Azure CLI命令,其中参数值由外部源提供,存在潜在代码注入漏洞。
CVSS Information
N/A
Vulnerability Type
N/A