CVE-2026-23520

CRITICAL9.0EPSS 0.04%

Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE in github.com/getarcaneapp/arcane/backend

發布日:2026/1/15修改日:2026/3/3

描述

Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE in github.com/getarcaneapp/arcane/backend

受影響套件(2)

Go/github.com/getarcaneapp/arcane/backendfrom 0, < 0.0.0-20260114065515-5a9c2f92e11f
Go/github.com/getarcaneapp/arcane/backendfrom 0, < 0.0.0-20260114065515-5a9c2f92e11f

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.0	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

參考連結(6)