Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:46631
HistoryApr 26, 2024 - 6:59 a.m.

Arbitrary Command Execution

2024-04-2606:59:58
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
less
vulnerability
command execution
shell_quote
filename.c
command-line utility

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

less is vulnerable to Arbitrary Command Execution.The vulnerability is due to the omission of shell_quote calls for LESSCLOSE in the close_altfile function within the filename.c file of the less command-line utility, allows attackers to execute arbitrary commands.