2 matches found
CVE-2024-32487
CVE-2024-32487 affects the less utility. The issue allows OS command execution via a newline character in a file name due to faulty quoting in filename.c (affecting versions up to 653). Exploitation typically requires attacker-controlled file names (e.g., from an untrusted archive) and the LESSOP...
CVE-2022-48624
CVE-2022-48624 affects the less utility (filename.c close_altfile) in versions prior to 606, where shell_quote handling for LESSCLOSE is omitted, enabling potential local command-injection via crafted filenames. Connected sources confirm the issue and show remediation guidance: upgrade to less 60...