Description
tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters.
References
- Exploit, Issue Tracking, Third Party Advisory
- Patch
- Exploit, Issue Tracking, Third Party Advisory
- Patch
Vulnerable configurations
Configuration 1: version before 3.15.0 (exclusive)
Together with
cpe:2.3:a:vareille:tiny_file_dialogs:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
EPSS
Percentile: 27%
0.00096
Low
9.8 Critical
CVSS3
Weaknesses
CWE-78
CWE-77
Related vulnerabilities
CVSS3: 9.8
github
more than 2 years ago
tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters.