Devtoys · Devtoys · CVE-2026-22685
**Name of the Vulnerable Software and Affected Versions**
DevToys versions 2.0.0.0 through 2.0.8.0
**Description**
DevToys, a desktop application for developers, contains a path traversal flaw in its extension installation process. When handling extension packages (NUPKG archives), the application does not adequately validate the file paths of entries within the archive. A specially crafted extension package containing entries with traversal paths such as `../../…/target-file` could allow an attacker to write files outside the intended extensions directory. This could overwrite arbitrary files on the user’s system with the privileges of the DevToys process, potentially resulting in code execution, configuration changes, or data corruption. The vulnerable component is the extension installation mechanism, and the flaw is triggered whenever it processes an extension package whose entry paths are not properly validated.
**Recommendations**
Users of DevToys versions 2.0.0.0 through 2.0.8.0 should update to version 2.0.9.0 or later.
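One way to close this class of bug, shown as an added example that is not DevToys' own code: a Python extraction routine that maps every NUPKG (zip) entry onto the extensions directory, rejects absolute paths and any entry whose resolved path leaves that directory, and writes nothing until the whole package has passed. The function names and the in-memory test packages are constructed for this example.

```python
import io
import tempfile
import zipfile
from pathlib import Path, PurePosixPath

class UnsafeArchiveEntry(ValueError):
    """An archive entry whose path would land outside the extraction root."""

def resolve_entry_path(extract_root: str, entry_name: str) -> Path:
    """Map an archive entry name to a filesystem path confined to extract_root."""
    root = Path(extract_root).resolve()
    name = entry_name.replace("\\", "/")  # packages built on Windows may carry backslashes
    if PurePosixPath(name).is_absolute() or (len(name) > 1 and name[1] == ":"):
        raise UnsafeArchiveEntry(f"absolute path in archive: {entry_name!r}")
    target = (root / name).resolve()  # collapses any '..' segments before the check
    if target != root and root not in target.parents:
        raise UnsafeArchiveEntry(f"path traversal in archive: {entry_name!r}")
    return target

def safe_extract_nupkg(package_bytes: bytes, extract_root: str) -> list[str]:
    """Extract a NUPKG (zip) into extract_root; every entry is checked before any write."""
    root = Path(extract_root).resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        plan = [(info, resolve_entry_path(extract_root, info.filename)) for info in zf.infolist()]
        for info, target in plan:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target.relative_to(root).as_posix())
    return written

def build_package(entries: dict[str, bytes]) -> bytes:
    """Build a constructed in-memory test package from {entry name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def install_package(package_bytes: bytes) -> tuple[bool, list[str]]:
    """Install into a fresh temporary extensions directory; returns (accepted, files written)."""
    with tempfile.TemporaryDirectory() as extensions_dir:
        try:
            return True, safe_extract_nupkg(package_bytes, extensions_dir)
        except UnsafeArchiveEntry:
            return False, []
```

Because the check runs on the resolved path rather than on the raw entry string, entries that dodge a naive `".."` substring test (mixed separators, `lib/../../x`) are caught by the same comparison.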