漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Misconfiguration in node.js causing a code execution in WD Discovery
Vulnerability Description
WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRON_RUN_AS_NODE' environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability, enabling code execution within WD Discovery application's context. WD Discovery version 5.0.589 addresses this issue by disabling certain features and fuses in Electron. The attack vector for this issue requires the victim to have the WD Discovery app installed on their device.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Western Digital Discovery 安全漏洞
Vulnerability Description
Western Digital Discovery(WD Discovery)是美国西部数据(Western Digital)公司的一款用于Western Digital个人存储设备的远程连接管理工具。 Western Digital Discovery 5.0.589之前版本存在安全漏洞,该漏洞源于存在配置错误,可能允许通过使用环境变量来执行代码。
CVSS Information
N/A
Vulnerability Type
N/A