Linux Pling Problems
Posted by: GuidePoint Security
Last week security researchers announced the discovery of an unpatched flaw affecting Pling marketplaces for Linux platforms. The vulnerability is reported to be capable of staging a supply-chain attack and achieving remote code execution (RCE). The Pling-based app stores affected by the flaw include:
- appimagehub.com
- store.kde.org
- gnome-look.org
- xfce-look.org
- pling.com
The bug lies in how marketplace listings parse HTML and embedded media files, which allows malicious JavaScript to be injected into a listing and served to everyone who views it. Researchers point out that the flaw could also enable a supply-chain attack: an XSS worm whose JavaScript payload uploads trojanized versions of the software to listings, so that the attack code is carried along and propagates to further listings.
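The following is an added example, not code from the GuidePoint post nor from the Pling marketplace software: a listing renderer written two ways, one that trusts submitted HTML (the pattern behind a stored-XSS flaw in listing pages) and one that first passes the description through an allowlist sanitizer, plus a moderation check that flags submissions a reviewer should look at. The listing contents, tag allowlist and function names are constructed for the example.

```javascript
// Added example (not from the GuidePoint post or the Pling/OCS marketplace code).
// Shows the vulnerable pattern (submitted HTML trusted as-is) beside a hardened
// renderer that keeps only allowlisted markup, and a moderation check that
// reports why a submission would be altered. All listing data is constructed.

const ALLOWED_TAGS = new Set(["p", "b", "i", "em", "strong", "ul", "ol", "li", "br", "a"]);
const ALLOWED_ATTRS = { a: new Set(["href"]) };

// Escape the five characters that matter when text is emitted into HTML.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Accept only absolute http(s) URLs; javascript:, data:, vbscript: and anything
// that does not parse as a URL are rejected.
function safeUrl(value) {
  try {
    const u = new URL(value.trim());
    return u.protocol === "http:" || u.protocol === "https:" ? u.href : null;
  } catch {
    return null;
  }
}

// Rebuild the markup keeping only allowlisted tags and attributes; every other
// tag is dropped and all text is escaped. Tag balance is left to the browser,
// which is safe because no unknown markup survives. A literal '>' inside a
// quoted attribute value is not handled (the remainder is emitted as text).
function sanitizeHtml(html) {
  // Remove script/style elements with their contents first, so the code inside
  // is not even emitted as escaped text.
  const stripped = html.replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1\s*>/gi, "");
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*)>/g;
  const attrRe = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let out = "";
  let last = 0;
  let m;
  while ((m = tagRe.exec(stripped)) !== null) {
    out += escapeHtml(stripped.slice(last, m.index));
    last = tagRe.lastIndex;
    const [, closing, rawName, rawAttrs] = m;
    const name = rawName.toLowerCase();
    if (!ALLOWED_TAGS.has(name)) continue; // unknown tag dropped, its text kept
    if (closing) {
      out += `</${name}>`;
      continue;
    }
    let attrs = "";
    const allowed = ALLOWED_ATTRS[name];
    if (allowed) {
      let a;
      while ((a = attrRe.exec(rawAttrs)) !== null) {
        const attrName = a[1].toLowerCase();
        const value = a[2] ?? a[3] ?? a[4] ?? "";
        if (!allowed.has(attrName)) continue; // drops on* handlers, style, src, ...
        const clean = attrName === "href" ? safeUrl(value) : value;
        if (clean !== null) attrs += ` ${attrName}="${escapeHtml(clean)}"`;
      }
    }
    out += `<${name}${attrs}>`;
  }
  out += escapeHtml(stripped.slice(last));
  return out;
}

// The pattern behind a stored-XSS flaw: submitted HTML goes straight into the page.
function renderListingUnsafe(listing) {
  return `<div class="listing" data-id="${listing.id}">${listing.description}</div>`;
}

// Hardened: only allowlisted markup reaches the page.
function renderListing(listing) {
  return `<div class="listing" data-id="${listing.id}">${sanitizeHtml(listing.description)}</div>`;
}

// Moderation check for stored submissions: lists why a description would be
// altered, so suspicious uploads can be logged and reviewed rather than silently cleaned.
function suspiciousMarkup(html) {
  const reasons = [];
  if (/<script\b/i.test(html)) reasons.push("script element");
  if (/\son[a-z]+\s*=/i.test(html)) reasons.push("event handler attribute");
  if (/(href|src)\s*=\s*["']?\s*javascript:/i.test(html)) reasons.push("javascript: URL");
  if (reasons.length === 0 && sanitizeHtml(html) !== html) reasons.push("non-allowlisted markup");
  return reasons;
}

// Constructed sample listings (not real marketplace content).
const LISTINGS = [
  { id: 1, description: '<p>A <b>clean</b> GTK theme. <a href="https://example.org/theme">Homepage</a></p>' },
  { id: 2, description: "<p>Nice icons</p><script>alert(1)</script>" },
  { id: 3, description: '<img src="x" onerror="alert(1)"><a href="javascript:alert(1)">Download</a>' },
];

for (const l of LISTINGS) {
  console.log(`unsafe:    ${renderListingUnsafe(l)}`);
  console.log(`sanitized: ${renderListing(l)}`);
  console.log(`flags:     ${JSON.stringify(suspiciousMarkup(l.description))}`);
}
```

Running it prints the benign listing unchanged, the script element removed from the second listing, and the third listing reduced to a bare anchor, while the moderation check names the event handler and `javascript:` URL that a reviewer should see. In a real marketplace the sanitizer belongs on the server at submission time and again at render time, with a Content-Security-Policy as a further layer, since a single trusted-HTML path is all a worm of the kind described above needs.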
Next Steps
GuidePoint Security advises businesses to consider vulnerability management as a service (VMaaS) to help manage the constant onslaught of vulnerabilities and zero-days. Another way to understand and identify vulnerabilities in an enterprise system is through penetration testing. In addition, users are reminded that software marketplaces carry risks and that even minor issues can become significant attack vectors.