漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
uutils coreutils mv Denial of Service and Data Duplication via Improper Symlink Expansion
Vulnerability Description
The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to resource exhaustion (disk space or time) if symlinks point to large external directories, unexpected duplication of sensitive data into unintended locations, or infinite recursion and repeated copying in the presence of symlink loops.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Vulnerability Title
uutils coreutils 后置链接漏洞
Vulnerability Description
uutils coreutils是Uutils开源的一个跨平台核心命令行工具集。 uutils coreutils存在后置链接漏洞,该漏洞源于mv跨文件系统边界移动时错误处理包含符号链接的目录树,可能导致资源耗尽、敏感数据意外复制或无限递归。
CVSS Information
N/A
Vulnerability Type
N/A