Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenS100 Portrayal Engine Unrestricted Lua Standard Library Access
Vulnerability Description
OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contain a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs() without sandboxing or capability restrictions, exposing standard libraries such as 'os' and 'io' to untrusted portrayal catalogues. An attacker can provide a malicious S-100 portrayal catalogue containing Lua scripts that execute arbitrary commands with the privileges of the OpenS100 process when a user imports the catalogue and loads a chart.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
暴露危险的方法或函数
Vulnerability Title
OpenS100 安全漏洞
Vulnerability Description
OpenS100是S-100Viewer个人开发者的一个IHO S-101 ENC查看器。 OpenS100存在安全漏洞,该漏洞源于未受限制的Lua解释器,可能导致攻击者通过恶意S-100描述目录执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A