Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets
Vulnerability Description
OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "`Analysis - SonarCloud`" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
OTCLient 注入漏洞
Vulnerability Description
OTCLient是用 C++20 和 Lua 编写的 otserv 的替代 tibia 客户端,采用模块化系统制成,使用 lua 脚本实现游戏内界面和功能。 OTCLient存在注入漏洞。攻击者利用该漏洞在运行器上远程运行命令、泄露机密并使用此工作流程更改存储库。
CVSS Information
N/A
Vulnerability Type
N/A