gwsw/less

gwsw/less

greenwoodsoftware.com

Releases452

Frequency3 weeks 4 days

Last Release 15 days ago

Stars717

Less - text pager

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-32487 ↗	Apr 13, 2024Saturday, 13 April 2024, 15:15	8.6 HIGH	—
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
CVE-2022-48624 ↗	Feb 19, 2024Monday, 19 February 2024, 01:15	7.8 HIGH	—
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.
CVE-2022-46663 ↗	Feb 7, 2023Tuesday, 7 February 2023, 21:15	7.5 HIGH	—
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.