Advisories

Discover Security Vulnerabilities News

Discover How To Secure My Firewall HOWTOs

Unpatched Flaw in Linux Pling Store Apps Could Lead to Supply-Chain Attacks

Unpatched Flaw in Linux Pling Store Apps Could Lead to Supply-Chain Attacks

Cybersecurity researchers have disclosed a critical unpatched vulnerability affecting Pling-based free and open-source software (FOSS) marketplaces for Linux platform that could be potentially abused to stage supply-chain attacks and achieve remote code execution (RCE). This discovery highlights the fact that developers of such applications must put in a high level of scrutiny to ensure their security.

"Linux marketplaces that are based on the Pling platform are vulnerable to a wormable [cross-site scripting] with potential for a supply-chain attack," Positive Security co-founder Fabian Bräunlein said in a technical write-up published today. "The native PlingStore application is affected by an RCE vulnerability, which can be triggered from any website while the app is running."

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.