Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dropbox merou SSH Public Key public_key.py add_public_key injection
Vulnerability Description
A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the function add_public_key of the file grouper/public_key.py of the component SSH Public Key Handler. The manipulation of the argument public_key_str leads to injection. It is possible to launch the attack remotely. The name of the patch is d93087973afa26bc0a2d0a5eb5c0fde748bdd107. It is recommended to apply a patch to fix this issue. VDB-216906 is the identifier assigned to this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
Dropbox Merou 注入漏洞
Vulnerability Description
Dropbox Merou是Dropbox开源的一个允许用户创建和管理自己组成员资格的应用程序。 Dropbox Merou 存在注入漏洞,该漏洞源于组件SSH Public Key Handler中grouper/public_key.py文件的add_public_key函数存在问题,对参数public_key_str的操作会导致注入。
CVSS Information
N/A
Vulnerability Type
N/A