Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Clash Verge Rev thru 2.2.3 (fixed in 2.3.0) forces the installation of system services(clash-verge-service) by default and exposes key functions through the unauthorized HTTP API `/start_clash`, allowing local users to submit arbitrary bin_path parameters and pass them directly to the service process for execution, resulting in local privilege escalation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Clash Verge Rev 安全漏洞
Vulnerability Description
Clash Verge Rev是Clash Verge Rev开源的一个代理工具。 Clash Verge Rev 2.2.3及之前版本存在安全漏洞,该漏洞源于默认安装系统服务并通过未授权HTTP API暴露关键功能,可能导致本地权限提升。
CVSS Information
N/A
Vulnerability Type
N/A