Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Catalyst Affected by Remote Code Execution as Root via Containerized Install Script Execution
Vulnerability Description
Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or template.update permission can define arbitrary shell commands that achieve full root-level remote code execution on every node machine in the cluster. This vulnerability is fixed in commit 11980aaf3f46315b02777f325ba02c56b110165d.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Catalyst 操作系统命令注入漏洞
Vulnerability Description
Catalyst是karutoil个人开发者的一个Web应用程序框架。 Catalyst存在操作系统命令注入漏洞,该漏洞源于服务器模板中定义的安装脚本以root权限直接在主机操作系统上执行,可能导致拥有模板创建或更新权限的用户实现远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A