漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to child_process.exec without validation, leading to possible RCE. NOTE: this is disputed by the Supplier because the behavior only allows a local user to attack himself via a local plugin. The local build procedure, which is essential to the attack, is not executed for plugins shared to the Figma Community.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Figma Desktop 安全漏洞
Vulnerability Description
Figma Desktop是Figma公司的一个矢量图形编辑器和原型设计工具。 Figma Desktop for Windows 125.6.5版本存在安全漏洞,该漏洞源于本地插件加载器存在命令注入漏洞,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A