Security researchers have reported an unpatched critical vulnerability in Pling-based free and open-source software (FOSS) application stores for Linux.
The vulnerability allows attackers to execute code remotely and can potentially be used in supply chain attacks.
“Pling’s Linux app stores are vulnerable to cross-site scripting worms and can potentially be used in supply chain attacks. The native PlingStore application is vulnerable to remote code execution, which can be carried out from any site while the application is running,” explained Fabian Bräunlein, co-founder of Positive Security.
The vulnerability affects the following app stores:
PlingStore allows users to find and install Linux software, themes, icons and extensions that cannot be downloaded from the distribution’s software centre.