Please see the readme of this project: https://github.com/ItsIgnacioPortal/Improper-Quotes-Monitor
TL;DR: CRLFsuite is vulnerable to privilege escalation because it tries to access a file without quotation marks. More specifically, when I run crlfsuite --help, python tries to run:
but because the path was not quoted properly, it actually runs:
This vulnerability isn't super serious because crlfsuite doesn't need to be run as Administrator at any point, and no "default" Windows configuration makes this exploitable. Old Windows versions (such as Windows 8.1) are still vulnerable though.
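The resolution order behind this class of bug, as an added example that is not part of the original issue and is not CRLFsuite's code: when an executable path containing spaces is handed to Windows unquoted, the documented CreateProcess behaviour is to cut the string at each space in turn and try each prefix as a program name. The sketch below lists those earlier candidates for auditing command strings and builds the quoted form; the sample paths, the function names and the extension list are assumptions made for illustration.

```python
import ntpath
import re
import subprocess

# Extensions taken to mark the end of the executable path (assumption of this example).
_EXE_END = re.compile(r"\.(exe|bat|cmd|com)\b", re.IGNORECASE)


def _default_ext(path: str) -> str:
    # Windows appends ".exe" when the file name has no extension.
    return path if ntpath.splitext(ntpath.basename(path))[1] else path + ".exe"


def earlier_candidates(exe_path: str) -> list[str]:
    """Paths Windows tries, in order, before the intended one when the
    path is passed unquoted: the string is cut at each space in turn."""
    parts = exe_path.split(" ")
    return [_default_ext(" ".join(parts[:i])) for i in range(1, len(parts))]


def audit(command: str) -> list[str]:
    """Return the ambiguous candidates for a command string, [] if none."""
    command = command.strip()
    if command.startswith('"'):
        return []  # quoted executable path: no ambiguity
    match = _EXE_END.search(command)
    exe = command[: match.end()] if match else command.split(" ")[0]
    return earlier_candidates(exe)


def quoted_command(exe_path: str, args: list[str]) -> str:
    # list2cmdline applies the Windows quoting rules to each element.
    return subprocess.list2cmdline([exe_path, *args])


if __name__ == "__main__":
    # Constructed sample command strings, not taken from the issue.
    samples = [
        r"C:\Program Files\Python 3\Scripts\tool.exe --help",
        r'"C:\Program Files\Python 3\Scripts\tool.exe" --help',
        r"C:\Tools\tool.exe --help",
    ]
    for cmd in samples:
        print(cmd, "->", audit(cmd) or "unambiguous")
    print(quoted_command(r"C:\Program Files\Python 3\Scripts\tool.exe", ["--help"]))
```

An empty list from `audit` means the command string names exactly one executable; a non-empty list names the locations whose write permissions decide whether the unquoted path matters on a given machine.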