漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Sandbox Escape in Ubuntu OpenJDK Packages via xdg-desktop-portal
Vulnerability Description
A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via xdg-desktop-portal-gtk can write a malicious .jar file to the host file system, set its executable bit, and trigger the handler to execute arbitrary code outside of the sandbox environment.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Canonical Ubuntu Linux 输入验证错误漏洞
Vulnerability Description
Canonical Ubuntu Linux是英国Canonical公司开源的一套Linux操作系统。 Canonical Ubuntu Linux存在输入验证错误漏洞,该漏洞源于输入验证错误,可能导致恶意沙盒应用通过xdg-desktop-portal-gtk访问OpenURI门户,写入恶意.jar文件并设置可执行权限,从而在沙盒外部执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A