Releases455
Frequency3 weeks 4 days
Last Release
Stars723
Less - text pager
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| <= 653 | 8.6 HIGH | — | ||
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. | ||||
| < 606 | 7.8 HIGH | — | ||
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. | ||||
| >= 566, < 609 | 7.5 HIGH | — | ||
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. | ||||
