Описание
open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 0.41.1-2 |
| esm-apps/focal | not-affected | code not present |
| esm-apps/jammy | not-affected | code not present |
| esm-apps/noble | ignored | changes too intrusive |
| focal | ignored | end of standard support, was needs-triage |
| jammy | not-affected | code not present |
| noble | ignored | changes too intrusive |
| oracular | ignored | end of life, was ignored [changes too intrusive] |
| plucky | ignored | end of life, was ignored [changes too intrusive] |
| questing | needs-triage |
Показывать по
4.1 Medium
CVSS3
Связанные уязвимости
open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).
open_actions.py in kitty before 0.41.0 does not ask for user confirmat ...
open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).
Уязвимость файла open_actions.py эмулятора терминала на базе GPU KiTTY, позволяющая нарушителю выполнить произвольный код
4.1 Medium
CVSS3