You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
在 2021年6月6日,13:15,gledos ***@***.***> 写道:
中科天齐Wukong(悟空)声称 rainbow fart 具有漏洞,请问这会影响用户吗?
最后,确定了名为Rainbow Fart的扩展程序具有zip slip漏洞,该漏洞使攻击者可以覆盖受害者计算机上的任意文件,并获得远程执行代码权限。一个特殊制作的ZIP文件通过插件使用的“import-voice-package”端点发送,并被写入扩展的工作目录之外的位置。这种攻击可能被用来覆盖‘.Bashrc’并获得远程代码执行权限。
VSCode扩展发现新漏洞 代码安全检测防御软件威胁 - 中科天齐Wukong(悟空)
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
中科天齐Wukong(悟空)声称 rainbow fart 具有漏洞,请问这会影响用户吗?
VSCode扩展发现新漏洞 代码安全检测防御软件威胁 - 中科天齐Wukong(悟空)
The text was updated successfully, but these errors were encountered: