Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command Injection via `format` option in screenshot-desktop
Vulnerability Description
screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary command execution with the privileges of the calling process. This vulnerability is fixed in 1.15.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
screenshot-desktop 命令注入漏洞
Vulnerability Description
screenshot-desktop是Ben Evans个人开发者的一个屏幕截图软件。 screenshot-desktop存在命令注入漏洞,该漏洞源于format选项未清理用户输入,可能导致命令注入。
CVSS Information
N/A
Vulnerability Type
N/A