Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Malicious projects can read and upload arbitrary files from disk in TurboWarp Desktop
Vulnerability Description
TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening the sb3 file or loading the extension. The web version of TurboWarp is not affected. This bug has been addressed in commit `55e07e99b59` after an initial fix which was reverted. Users are advised to upgrade to version 1.8.0 or later. Users unable to upgrade should avoid opening sb3 files or loading extensions from untrusted sources.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
TurboWarp 安全漏洞
Vulnerability Description
TurboWarp是TurboWarp开源的一款应用程序。 TurboWarp 1.8.0之前版本存在安全漏洞,该漏洞源于允许恶意项目或自定义扩展从磁盘读取任意文件并将其上传到远程服务器。
CVSS Information
N/A
Vulnerability Type
N/A