Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Yocto Project Security Advisory - BitBake/Toaster
Vulnerability Description
Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. In Yocto Projects Bitbake before 2.6.2 (before and included Yocto Project 4.3.1), with the Toaster server (included in bitbake) running, missing input validation allows an attacker to perform a remote code execution in the server's shell via a crafted HTTP request. Authentication is not necessary. Toaster server execution has to be specifically run and is not the default for Bitbake command line builds, it is only used for the Toaster web based user interface to Bitbake. The fix has been backported to the bitbake included with Yocto Project 5.0, 3.1.31, 4.0.16, and 4.3.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Yocto Project poky 操作系统命令注入漏洞
Vulnerability Description
poky是The Yocto Project开源的一款应用程序。 Yocto Project poky4.3.2之前版本存在操作系统命令注入漏洞,该漏洞源于缺少输入验证。攻击者利用该漏洞通过特制的HTTP在服务器的 shell 中远程执行代码。
CVSS Information
N/A
Vulnerability Type
N/A