Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows
Vulnerability Description
Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from browser. This vulnerability has been fixed in version 0.8.2 and 0.9.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Livebook 操作系统命令注入漏洞
Vulnerability Description
Livebook是一个用于编写交互式和协作代码笔记本的 Web 应用程序。 Livebook存在操作系统命令注入漏洞,该漏洞源于允许攻击者利用Desktop的协议处理程序执行任意命令。受影响的产品和版本:Livebook 0.8.0版本,0.8.1版本,0.9.0版本,0.9.1版本,0.9.2版本。
CVSS Information
N/A
Vulnerability Type
N/A