Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OS Command Injection via GIT_PATH in pymedusa
Vulnerability Description
pymedusa is an automatic video library manager for TV Shows. In versions prior 1.0.12 an attacker with access to the web interface can update the git executable path in /config/general/ > advanced settings with arbitrary OS commands. An attacker may exploit this vulnerability to take execute arbitrary OS commands as the user running the pymedusa program. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
pyMedusa 操作系统命令注入漏洞
Vulnerability Description
pyMedusa是pyMedusa开源的一个电视节目的自动视频库管理器。 pymedusa 1.0.12之前版本存在操作系统命令注入漏洞。攻击者利用该漏洞可以使用任意操作系统命令更新/config/general/高级设置中的git可执行路径。
CVSS Information
N/A
Vulnerability Type
N/A