Описание
An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the warp://action/docker/open_subshell intent that when clicked by the victim results in command execution on the victim's machine.
EPSS
6.6 Medium
CVSS3
Дефекты
Связанные уязвимости
An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the `warp://action/docker/open_subshell` intent that when clicked by the victim results in command execution on the victim's machine.
Уязвимость компонента Docker Integration эмулятора терминала Warp, позволяющая нарушителю выполнить произвольный код
EPSS
6.6 Medium
CVSS3