GHSA-364c-vvqx-446c

Опубликовано: 20 сент. 2023

Источник: github

Github: Прошло ревью

CVSS3: 7.8

Описание

Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device

An issue was discovered in Croc before 9.6.16. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver.

Ссылки

Пакеты

Наименование

github.com/schollz/croc/v9

Затронутые версииВерсия исправления

< 9.6.16

9.6.16

EPSS

Процентиль: 11%

0.00038

Низкий

7.8 High

CVSS3

CVE ID

CVE-2023-43620

Дефекты

CWE-116

Связанные уязвимости

CVE-2023-43620

CVSS3: 7.8

nvd

больше 2 лет назад

An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver.

CVE-2023-43620

CVSS3: 7.8

debian

больше 2 лет назад

An issue was discovered in Croc through 9.6.5. A sender may place ANSI ...

EPSS

Процентиль: 11%

0.00038

Низкий

7.8 High

CVSS3

CVE ID

CVE-2023-43620

Дефекты

CWE-116