CNNVD-202508-2188 Information

CNNVD ID

CNNVD-202508-2188

Related CVE

CVE-2025-55294

• CNNVD Published: 2025-08-19

Description (Chinese)

screenshot-desktop是Ben Evans个人开发者的一个屏幕截图软件。 screenshot-desktop存在命令注入漏洞，该漏洞源于format选项未清理用户输入，可能导致命令注入。

Description (English)

Screenshot software for Ben Evans personal developers. The screenshot-desktop has a command-injecting loophole, which stems from the fact that the format option does not clean up user input and may result in the command-injecting.

Hazard Level

Low

Vulnerability Type

命令注入

Affected Vendor

个人开发者

Published

2025-08-19

Last Modified

2026-02-24

References

https://github.com/bencevans/screenshot-desktop/commit/59c87b0c175eec76090e6ccde313f4fc5d569b78 https://github.com/bencevans/screenshot-desktop/security/advisories/GHSA-gjx4-2c7g-fm94 https://nvd.nist.gov/vuln/detail/CVE-2025-55294 https://access.redhat.com/security/cve/cve-2025-55294

Patch

https://www.npmjs.com/package/screenshot-desktop