Vulnerability Information
Vulnerability Title
Soft Serve does not sanitize ANSI escape sequences in user input
Vulnerability Description
Soft Serve is a self-hostable Git server for the command line. In versions prior to 0.10.0, there are several places where a user can insert data (e.g. names) from which ANSI escape sequences are not removed; these sequences can then be used, for example, to show fake alerts. By the same token, git messages are not sanitized when printed. This issue is fixed in version 0.10.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
Improper neutralization of escape, meta, or control sequences
Vulnerability Title
Soft Serve security vulnerability
Vulnerability Description
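Soft Serve is a self-hostable command-line Git server open-sourced by Charm. Versions of Soft Serve prior to 0.10.0 contain a security vulnerability that stems from ANSI escape sequences not being removed and git messages not being sanitized, which may lead to fake-alert attacks.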
CVSS Information
N/A
Vulnerability Type
N/A
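The class of fix the description calls for, stripping escape sequences from user-supplied names and git messages before they are printed, can be sketched as follows. This is an added example, not Soft Serve's code or its 0.10.0 patch; `SanitizeForTerminal` and `skipEscape` are hypothetical names and the sample input is constructed.

```go
package main

import "fmt"

// SanitizeForTerminal (hypothetical helper) strips escape sequences and control chars, keeping \n and \t.
func SanitizeForTerminal(s string) string {
	r := []rune(s)
	out := make([]rune, 0, len(r))
	for i := 0; i < len(r); i++ {
		switch c := r[i]; {
		case c == 0x1b: // ESC: skip the whole sequence it introduces
			i = skipEscape(r, i)
		case c == '\n' || c == '\t' || (c >= 0x20 && c != 0x7f && (c < 0x80 || c > 0x9f)):
			out = append(out, c) // printable text; other C0/C1 controls and DEL are dropped
		}
	}
	return string(out)
}

// skipEscape returns the index of the last rune of the sequence that starts at r[i] (ESC).
func skipEscape(r []rune, i int) int {
	if i+1 >= len(r) {
		return i // lone ESC at end of input
	}
	j, bodyHi, finalLo := i+1, rune(0x2f), rune(0x30) // plain ESC: intermediates, then final
	switch r[i+1] {
	case '[': // CSI: parameter/intermediate runes 0x20-0x3f, final rune 0x40-0x7e
		j, bodyHi, finalLo = i+2, 0x3f, 0x40
	case ']', 'P', '_', '^', 'X': // OSC, DCS, APC, PM, SOS: run until BEL or ST (ESC \)
		for j = i + 2; j < len(r); j++ {
			if r[j] == 0x07 || (r[j] == '\\' && r[j-1] == 0x1b) {
				return j
			}
		}
		return len(r) - 1 // unterminated string sequence: drop the rest
	}
	for j < len(r) && r[j] >= 0x20 && r[j] <= bodyHi {
		j++
	}
	if j < len(r) && r[j] >= finalLo && r[j] <= 0x7e {
		return j
	}
	return j - 1 // malformed or truncated: stop before the unexpected rune
}

func main() {
	in := "demo\r\x1b[2K\x1b[31;1mALERT: key revoked\x1b[0m" // constructed description field
	fmt.Printf("%q\n", SanitizeForTerminal(in))
}
```

Applying the filter at output time, on every field that originates from a user or from repository content, covers both cases the description names: stored names and printed git messages.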