漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Flatpak has a complete sandbox escape leading to host file access and code execution in the host context
Vulnerability Description
Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to all host files and can be used as a primitive to gain code execution in the host context. This vulnerability is fixed in 1.16.4.
CVSS Information
N/A
Vulnerability Type
CWE-61
Vulnerability Title
Flatpak 安全漏洞
Vulnerability Description
Flatpak是Flatpak开源的一个用于在Linux上构建、分发和运行沙盒桌面应用程序的系统。 Flatpak 1.16.4之前版本存在安全漏洞,该漏洞源于sandbox-expose选项接受应用控制的符号链接,可能导致访问所有主机文件并在主机环境中执行代码。
CVSS Information
N/A
Vulnerability Type
N/A