漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
Vulnerability Description
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main() code path of fontTools.varLib, used by the fonttools varLib CLI and any code that invokes fontTools.varLib.main(). This issue has been patched in version 4.60.2.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L
Vulnerability Type
XML注入(XPath盲注)
Vulnerability Title
FontTools 安全漏洞
Vulnerability Description
FontTools是FontTools开源的一个用 Python 编写的用于操作字体的库。 FontTools 4.33.0版本至4.60.2之前版本存在安全漏洞,该漏洞源于处理恶意.designspace文件时存在任意文件写入,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A