GHSA-j42f-wc6v-5xpq

Опубликовано: 17 окт. 2024

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Duplicate Advisory: Permissive Regular Expression in tacquito

Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match on the entire string, but instead only enforced a match on a sub-string. That would have potentially allowed unauthorized commands to be executed.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2024-49400
https://www.facebook.com/security/advisories/cve-2024-49400

Пакеты

Наименование

github.com/tacquito/tacquito

Затронутые версииВерсия исправления

< 0.0.0-20241011192817-07b49d1358e6

0.0.0-20241011192817-07b49d1358e6

9.8 Critical

CVSS3

9.8 Critical

CVSS3