Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions < V10.12.17), Mendix Studio Pro 10.18 (All versions < V10.18.7), Mendix Studio Pro 10.6 (All versions < V10.6.24), Mendix Studio Pro 11 (All versions < V11.0.0), Mendix Studio Pro 8 (All versions < V8.18.35), Mendix Studio Pro 9 (All versions < V9.24.35). A zip path traversal vulnerability exists in the module installation process of Studio Pro. By crafting a malicious module and distributing it via (for example) the Mendix Marketplace, an attacker could write or modify arbitrary files in directories outside a developer’s project directory upon module installation.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Mendix Studio Pro 路径遍历漏洞
Vulnerability Description
Mendix Studio Pro是美国Mendix公司的一个可视化模型驱动的IDE。 Mendix Studio Pro 10存在路径遍历漏洞,该漏洞源于模块安装过程中的zip路径遍历,可能导致任意文件写入或修改。以下产品及版本受到影响:V10.23.0之前版本、10.12 V10.12.17之前版本、10.18 V10.18.7之前版本、10.6 V10.6.24之前版本、11所有版本、8 V8.18.35之前版本和9 V9.24.35之前版本。
CVSS Information
N/A
Vulnerability Type
N/A