Описание
Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file.
Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-22970
- https://github.com/bottlesdevs/Bottles/issues/2463
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N24KI3O3FWGKJSLATY35ZM3CHSABJ6WE
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJZEE4RAAK7OPVQNE4BOWUVQDVSZU6NJ
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N24KI3O3FWGKJSLATY35ZM3CHSABJ6WE
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJZEE4RAAK7OPVQNE4BOWUVQDVSZU6NJ
Связанные уязвимости
CVSS3: 7.8
nvd
больше 2 лет назад
Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file.