Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml).
References
Link | Resource |
---|---|
https://github.com/Fndroid/clash_for_windows_pkg | Product |
https://github.com/Fndroid/clash_for_windows_pkg/issues/3891 | Exploit Issue Tracking |
Configurations
History
No history.
Information
Published : 2023-02-23 22:15
Updated : 2024-02-28 19:51
NVD link : CVE-2023-24205
Mitre link : CVE-2023-24205
CVE.ORG link : CVE-2023-24205
JSON object : View
Products Affected
clash_project
- clash
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource