Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
eDEX-UI cross-site websocket hijacking vulnerability enables remote command execution
Vulnerability Description
eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The project has been archived since 2021, and as of time of publication there are no plans to patch this issue and release a new version. Some workarounds are available, including shutting down eDEX-UI when browsing the web and ensuring the eDEX terminal runs with lowest possible privileges.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
CWE-1385
Vulnerability Title
eDEX-UI 访问控制错误漏洞
Vulnerability Description
eDEX-UI是法国Gabriel Saillard个人开发者的一个全屏、跨平台的终端仿真器和系统监视器。 eDEX-UI 2.2.8版本及之前版本存在安全漏洞,该漏洞源于容易受到跨网站网络劫持的影响,恶意网站可以连接到eDEX的内部终端控制websocket,并向shell发送任意命令。
CVSS Information
N/A
Vulnerability Type
N/A