Unpatched Flaw in Linux Pling Store Apps Could Lead to Supply-Chain Attacks
1 min read
Jun 23, 2021
Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software (FOSS) marketplaces for Linux platform that could be potentially abused to stage supply-chain attacks and achieve remote code execution (RCE). This discovery highlights the fact that developers of such applications must put in a high level of scrutiny to ensure their security.
"Linux marketplaces that are based on the Pling platform are vulnerable to a wormable [cross-site scripting] with potential for a supply-chain attack," Positive Security co-founder Fabian Bräunlein said in a technical write-up published today. "The native PlingStore application is affected by an RCE vulnerability, which can be triggered from any website while the app is running."
The link for this article located at The Hacker News is no longer available.
Related Articles
1 - 0 min read
Linux xz/liblzma Utility Backdoor Risks SSH Compromise
1 - 0 min read
Multiple Chromium DoS, Info Disclosure Vulns Fixed [Updated]
1 - 0 min read
RunC Container Escape Flaws Grant Attackers Host Access
