Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Brook's tproxy server is vulnerable to a drive-by command injection.
Vulnerability Description
Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution. A patch is available in version 20230606.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Brook 操作系统命令注入漏洞
Vulnerability Description
Brook是TxThinking个人开发者的一个跨平台可编程网络工具。 Brook存在安全漏洞。攻击者利用该漏洞会欺骗受害者访问恶意网页,这将触发对本地“tproxy”服务的请求,从而导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A