Описание
360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related issue
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:360totalsecurity:360_total_security:3.5.0.1033:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.00261
Низкий
6.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 6.3
github
больше 3 лет назад
** DISPUTED ** 360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system("CMD") or os.system("PowerShell"), within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related issue.
EPSS
Процентиль: 49%
0.00261
Низкий
6.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
NVD-CWE-noinfo