Vulnerability Information
Vulnerability Title
oma-topic: name Field in Topic Manifests (topic.json) May Allow CRLF Injection
Vulnerability Description
oma is a package manager for AOSC OS. oma-topics is responsible for fetching metadata for testing repositories (topics), named "Topic Manifests" ({mirror}/debs/manifest/topics.json), from remote repository servers and registering them as APT source entries. Prior to 1.25.2, however, the name field in this metadata was not checked for transliteration. A malicious party may therefore supply a malformed Topic Manifest, which may cause malicious APT source entries to be added to /etc/apt/sources.list.d/atm.list as oma-topics finishes fetching and registering the metadata. This vulnerability is fixed in 1.25.2.
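The check this description implies, as an added example (not oma's code and not the 1.25.2 fix): a topic name is validated against an allowlist before it is written into a one-line source entry, so an embedded CR or LF cannot start a new line in the list file. The function names, the allowed character set and the entry layout are assumptions made for illustration.

```rust
// Added example. All names, the allowlist and the entry layout are assumptions,
// not taken from oma. The mirror is assumed to come from trusted local config.
#[derive(Debug, PartialEq)]
pub enum NameError {
    Empty,
    Forbidden(char),
}

/// Accept only ASCII letters, digits and '-', '_', '.', '+'.
/// CR, LF, spaces and all other control characters are rejected.
pub fn validate_topic_name(name: &str) -> Result<&str, NameError> {
    if name.is_empty() {
        return Err(NameError::Empty);
    }
    match name.chars().find(|c| !(c.is_ascii_alphanumeric() || "-_.+".contains(*c))) {
        Some(bad) => Err(NameError::Forbidden(bad)),
        None => Ok(name),
    }
}

/// Render one source entry (hypothetical layout) only after validation.
pub fn render_entry(mirror: &str, name: &str) -> Result<String, NameError> {
    let name = validate_topic_name(name)?;
    Ok(format!("deb {}/debs {} main\n", mirror.trim_end_matches('/'), name))
}

/// Build the list body; rejected names are reported instead of written.
pub fn render_list(mirror: &str, names: &[&str]) -> (String, Vec<(String, NameError)>) {
    let mut out = String::new();
    let mut rejected = Vec::new();
    for n in names {
        match render_entry(mirror, n) {
            Ok(line) => out.push_str(&line),
            Err(e) => rejected.push((n.to_string(), e)),
        }
    }
    (out, rejected)
}

fn main() {
    // Constructed sample names; the second carries an embedded CRLF.
    let names = ["kde-survey", "stable\r\nINJECTED-LINE", "llvm-19.1"];
    let (list, rejected) = render_list("https://mirror.example", &names);
    print!("{list}");
    for (n, e) in &rejected {
        eprintln!("rejected {n:?}: {e:?}");
    }
}
```

The invariant worth asserting in review or in a unit test is that the rendered list has exactly one line per accepted topic.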
CVSS Information
N/A
Vulnerability Type
Improper Neutralization of CRLF Sequences (CRLF Injection)
Vulnerability Title
oma Injection Vulnerability
Vulnerability Description
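oma is an open-source package manager for AOSC OS from AOSC-Dev. Versions of oma before 1.25.2 contain an injection vulnerability. It stems from oma-topics not checking the name field in the metadata for transliteration, which may cause malicious APT source entries to be added to the system.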
CVSS Information
N/A
Vulnerability Type
N/A