漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
ClipBucket: Remote Play URL Command Injection
Vulnerability Description
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly into shell commands without escaping then executed, so any shell metacharacter in the URL is interpreted. This results in arbitrary command execution. This issue has been patched in version 5.5.3 - #140.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
ClipBucket V5 操作系统命令注入漏洞
Vulnerability Description
ClipBucket V5是MacWarrior个人开发者的一个视频托管平台。 ClipBucket v5 5.5.3 - #140之前版本存在操作系统命令注入漏洞,该漏洞源于远程播放功能在导入外部URL时未转义直接拼接到shell命令中,可能导致任意命令执行。
CVSS Information
N/A
Vulnerability Type
N/A