An issue in aliyundrive-webdav versions 2.3.3 and earlier allows a remote attacker to execute arbitrary code via a crafted payload in the sid parameter of the action_query_qrcode component.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| aliyundrive-webdav (crates.io) | 0 | N/A | N/A |
| aliyundrive-webdav (PyPI) | 0 | N/A | N/A |