Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
parseusbs < 1.9 Command Injection via Volume Path Argument
Vulnerability Description
parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument (-v flag) is passed unsanitized into an os.popen() shell command with ls, allowing arbitrary command injection via crafted volume path arguments containing shell metacharacters. An attacker can provide a crafted volume path via the -v flag that injects arbitrary commands during volume content enumeration.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
parseusbs 操作系统命令注入漏洞
Vulnerability Description
parseusbs是Khyrenz Ltd个人开发者的一个USB连接记录取证分析工具。 parseusbs 1.9之前版本存在操作系统命令注入漏洞,该漏洞源于卷列表路径参数未经清理即传递给带有ls的os.popen() shell命令,可能导致通过特制的卷路径参数注入任意命令。
CVSS Information
N/A
Vulnerability Type
N/A