Описание
Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.
Ссылки
- Patch
- Release Notes
- Release Notes
- ExploitThird Party Advisory
- Patch
- Release Notes
- Release Notes
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:konghq:insomnia:2023.4.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.0004
Низкий
7.8 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-114
Связанные уязвимости
CVSS3: 7.8
github
больше 2 лет назад
Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.
EPSS
Процентиль: 12%
0.0004
Низкий
7.8 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-114