CVE-2023-36250

Опубликовано: 14 сент. 2023

Источник: debian

Описание

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
hamster-time-tracker	unfixed			package

Примечания

https://github.com/BrunoTeixeira1996/CVE-2023-36250/blob/main/README.md
https://github.com/projecthamster/hamster/issues/750
No security impact, responsibility lies within application opening the
resultulting TSV file

Связанные уязвимости

CVE-2023-36250

CVSS3: 7.8

ubuntu

больше 2 лет назад

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.

CVE-2023-36250

CVSS3: 7.8

nvd

больше 2 лет назад

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.

GHSA-v7fv-52xm-3gvg

CVSS3: 7.8

github

больше 2 лет назад

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.