Published: 2022/10/20 Last Updated: 2022/10/28

Information from kujirahand

Vulnerability ID:JVN#56968681
Title:Multiple vulnerabilities in nadesiko3
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

We provide information on these vulnerabilities at the following URLs.

In the PC version of Nadeshiko 3, executing "compression" and "decompression" command could cause a command injection.
Fixed in v3.3.69.

Improper check or handling of exceptional conditions in nako3edit is fixed in v3.3.75.

OS command injection vulnerability via "file" parameter in nako3edit is fixed in v3.3.75.

update history

2022/10/20
2022/10/28