Less
Vulnerabilities: 2
Known exploited: 0
Max CVSS: 8.6
Top EPSS: 0.01059
Severity breakdown
Critical: 0
High: 2
Medium: 0
Low: 0
Affected version ranges
< 606, ≤ 653
Also matched as (raw): less
Top vulnerabilities
CVE-2024-32487: less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
CVE-2022-48624: close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.