Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Deserialization Vulnerability by yaml config input in super-xray
Vulnerability Description
super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config which is stored in a yaml file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit `4d0d5966` and will be included in future releases. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Super Xray 代码问题漏洞
Vulnerability Description
Super Xray是4ra1n个人开发者的一款优秀的漏洞扫描工具。 Super Xray 0.7之前版本存在代码问题漏洞,该漏洞源于如果程序配置的输入是可信的会被存储在一个yaml文件中,对该文件有本地访问权的攻击者可以利用这一点控制程序。
CVSS Information
N/A
Vulnerability Type
N/A