Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, 2.6.1, and possibly other versions allows remote FTP servers to execute arbitrary code via format strings in filenames.
Software | From | Fixed in |
---|---|---|
weex / weex | 2.6.1 | 2.6.1.x |
weex / weex | 2.6.1.5 | 2.6.1.5.x |