CNNVD-202602-2079 Information
CNNVD ID
CNNVD-202602-2079
Related CVE
- CNNVD Published: 2026-02-12
Description (Chinese)
Arduino App Lab是Arduino开源的一个用于开发Arduino应用程序的集成开发环境。 Arduino App Lab 0.4.0之前版本存在操作系统命令注入漏洞,该漏洞源于终端组件对来自硬件设备的输入数据清理和验证不足,可能导致执行包含shell元字符的特制字符串。
Description (English)
Arduino App Lab is an integrated development environment for the development of the Arduino application at the Arduino Open Source. There is an operational system command leak in the pre-Aduino App Lab 0.40, which results from inadequate data cleansing and validation of input data from hardware equipment by the terminal component, which may lead to the execution of a special string containing shell meta characters.
Vulnerability Type
操作系统命令注入
Affected Vendor
Arduino
Published
2026-02-12
Last Modified
2026-02-24
References
https://github.com/arduino/arduino-app-lab/releases/tag/al-0.4.0 https://github.com/arduino/arduino-app-lab/security/advisories/GHSA-3652-939f-f7g4
Patch
https://github.com/arduino/arduino-app-lab/releases
Share on: