Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
mise has a local settings bypass config trust checks
Vulnerability Description
mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.toml in a repository can make that same file appear trusted and then reach dangerous directives such as [env] _.source, templates, hooks, or tasks.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
访问控制不恰当
Vulnerability Title
mise-en-place 访问控制错误漏洞
Vulnerability Description
mise-en-place是jdx个人开发者的一个开发环境管理工具,支持多语言版本、环境变量和任务管理。 mise-en-place 2026.2.18至2026.4.5版本存在访问控制错误漏洞,该漏洞源于信任检查运行前从本地项目.mise.toml加载信任控制设置,可能导致攻击者通过放置恶意.mise.toml文件来执行危险指令。
CVSS Information
N/A
Vulnerability Type
N/A