漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
openssl on Windows built with openssldir set from the build machine (Uncontrolled Search Path Element)
Vulnerability Description
vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.1#3, vcpkg's Windows builds of OpenSSL set openssldir to a path on the build machine, making that path be attackable later on customer machines. This issue has been patched in version 3.6.1#3.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对搜索路径元素未加控制
Vulnerability Title
vcpkg 代码问题漏洞
Vulnerability Description
vcpkg是Microsoft开源的一个C/C++跨平台包管理工具。 vcpkg 3.6.1#3之前版本存在代码问题漏洞,该漏洞源于Windows版OpenSSL构建将openssldir设置为构建机器上的路径,可能导致该路径在客户机器上受到攻击。
CVSS Information
N/A
Vulnerability Type
N/A