Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
liferea Feed Enrichment update.c update_job_run os command injection
Vulnerability Description
A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Liferea 操作系统命令注入漏洞
Vulnerability Description
Liferea是Lars Windolf个人开发者的一个桌面订阅源阅读器/新闻聚合器。将客户喜爱订阅的所有内容汇集到一个简单的界面中,便于组织和浏览订阅源。 Liferea 存在操作系统命令注入漏洞,该漏洞源于文 src/update.c的函数 update_job_run存在问题,对参数source的操作会导致操作系统命令注入。
CVSS Information
N/A
Vulnerability Type
N/A