Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write
Vulnerability Description
The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partition_msg function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. This issue has been patched in version 0.18.18.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Unstructured 安全漏洞
Vulnerability Description
Unstructured是Unstructured开源的一个非结构化数据的开源预处理工具。 unstructured 0.18.18之前版本存在安全漏洞,该漏洞源于partition_msg函数存在路径遍历,可能导致处理恶意MSG文件时写入或覆盖任意文件。
CVSS Information
N/A
Vulnerability Type
N/A