You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Name: less CVEs: CVE-2024-32487 CVSSs: n/a Action Needed: update to >= 643-r2
Summary: less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
Name: less
CVEs: CVE-2024-32487
CVSSs: n/a
Action Needed: update to >= 643-r2
Summary: less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
refmap.gentoo: https://bugs.gentoo.org/929210
The text was updated successfully, but these errors were encountered: