Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
SketchSVG 代码注入漏洞
Vulnerability Description
eBay SketchSVG是eBay公司的用于从Sketch文件中提取图标并压缩成SVG的工具。 SketchSVG存在安全漏洞,该漏洞源于在调用shell.exec时容易受到任意代码注入的攻击。
CVSS Information
N/A
Vulnerability Type
N/A