Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Manyfold vulnerable to OS command injection via ZIP filename in f3d render
Vulnerability Description
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter in its name. The filename reaches a Ruby backtick call unsanitized. Version 0.133.0 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Manyfold 操作系统命令注入漏洞
Vulnerability Description
Manyfold是Manyfold开源的一个自托管网络应用。 Manyfold 0.133.0之前版本存在操作系统命令注入漏洞,该漏洞源于文件名未清理,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A