Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
The Altair Desktop Client Does Not Sanitize External URLs before passing them to the underlying system
Vulnerability Description
Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL Client also does not isolate the context of the renderer process. This affects versions of the software running on MacOS, Windows, and Linux. Version 5.2.5 fixes this issue.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
Altair 输入验证错误漏洞
Vulnerability Description
Altair是 Altair GraphQL开源的一款美观且功能丰富的 GraphQL 客户端 IDE。 Altair 5.2.5之前版本存在输入验证错误漏洞,该漏洞源于应用程序在将外部URL传递到底层系统之前不会对其进行清理操作。
CVSS Information
N/A
Vulnerability Type
N/A