Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Multiple path traversal in appspawn and nwebspawn services.
Vulnerability Description
OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape application sandbox.If chained with other vulnerabilities it would allow an unprivileged process to gain full root privileges.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
OpenHarmony 路径遍历漏洞
Vulnerability Description
OpenHarmony是中国开放原子开源基金会(OpenAtom Foundation)基金会的一种鸿蒙操作系统的开源项目。 OpenHarmony-v3.1.2 及之前版本存在路径遍历漏洞,该漏洞源于apppawn 和 nwebspawn 服务中存在多路径遍历,攻击者利用该漏洞可以创建任意目录或逃脱应用程序沙箱,如果与其他漏洞链接,它将允许非特权进程获得完全 root 权限。
CVSS Information
N/A
Vulnerability Type
N/A