N/A

Clash Verge Rev thru 2.2.3 (fixed in 2.3.0) forces the installation of system services(clash-verge-service) by default and exposes key functions through the unauthorized HTTP API `/start_clash`, allowing local users to submit arbitrary bin_path parameters and pass them directly to the service process for execution, resulting in local privilege escalation.

N/A

N/A

Clash Verge Rev 安全漏洞

Clash Verge Rev是Clash Verge Rev开源的一个代理工具。 Clash Verge Rev 2.2.3及之前版本存在安全漏洞，该漏洞源于默认安装系统服务并通过未授权HTTP API暴露关键功能，可能导致本地权限提升。

N/A

N/A