Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Thor 操作系统命令注入漏洞
Vulnerability Description
Thor是Ruby on Rails开源的一个用于构建命令行界面的工具包。 Thor 1.4.0之前版本存在操作系统命令注入漏洞,该漏洞源于从库输入构造不安全的shell命令,可能导致命令注入。
CVSS Information
N/A
Vulnerability Type
N/A