Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary Code Execution using the validate function of csaf-validator-lib
Vulnerability Description
An high privileged attacker may pass crafted arguments to the validate function of csaf-validator-lib of a locally installed Secvisogram in versions < 0.1.0 wich can result in arbitrary code execution and DoS once the users triggers the validation.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Secvisogram 输入验证错误漏洞
Vulnerability Description
Secvisogram是Secvisogram开源的一种网络工具。用于创建和编辑 CSAF 2.0 格式的安全咨询。 Secvisogram 0.1.0之前版本存在输入验证错误漏洞。攻击者利用该漏洞可以执行任意代码,并导致系统拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A