Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Weblate has an argument injection in management console
Vulnerability Description
Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to `ssh-add`. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management console.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Vulnerability Type
参数注入或修改
Vulnerability Title
Weblate 参数注入漏洞
Vulnerability Description
Weblate是Weblate开源的一个 Copyleft 的基于 web 的自由软件持续本地化系统。 Weblate 5.16.0之前版本存在参数注入漏洞,该漏洞源于SSH管理控制台在添加SSH主机密钥时未验证输入,可能导致参数注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A