发布于3月6日3月6日 Members Huawei EulerOS: CVE-2024-32487: less security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/13/2024 Created 07/17/2024 Added 07/17/2024 Modified 01/13/2025 Description less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. Solution(s) huawei-euleros-2_0_sp9-upgrade-less References https://attackerkb.com/topics/cve-2024-32487 CVE - 2024-32487 EulerOS-SA-2024-1965
参与讨论
你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。
注意:你的帖子需要版主批准后才能看到。