漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Kottster app reinitialization can be re-triggered allowing command injection in development mode
Vulnerability Description
Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Kottster 访问控制错误漏洞
Vulnerability Description
Kottster是kottster开源的一个即时Node.js管理面板。安全、自托管且易于设置。 Kottster 3.2.0版本至3.3.2之前版本存在访问控制错误漏洞,该漏洞源于开发模式下存在预认证远程代码执行漏洞。
CVSS Information
N/A
Vulnerability Type
N/A