Vulnerability Information
Vulnerability Title
Csmock: command injection vulnerability in csmock-plugin-snyk
Vulnerability Description
A vulnerability was found in csmock where a regular user of the OSH service (anyone with a valid Kerberos ticket) can use the vulnerability to disclose the confidential Snyk authentication token and to run arbitrary commands on OSH workers.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Vulnerability Type
Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)
Vulnerability Title
csmock security vulnerability
Vulnerability Description
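csmock is an open-source tool from csutils that automates scanning SRPMs with static analysis tools. csmock contains a security vulnerability. An attacker can exploit this vulnerability to execute arbitrary commands on OSH workers.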
CVSS Information
N/A
Vulnerability Type
N/A