CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.
References
Link | Resource |
---|---|
https://github.com/BrunoTeixeira1996/CVE-2023-36250/blob/main/README.md | Exploit Third Party Advisory |
Configurations
History
19 Sep 2023, 13:48
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:gnome:gnome-time_tracker:3.0.2:*:*:*:*:*:*:* | |
First Time |
Gnome
Gnome gnome-time Tracker |
|
CWE | CWE-74 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References | (MISC) https://github.com/BrunoTeixeira1996/CVE-2023-36250/blob/main/README.md - Exploit, Third Party Advisory |
14 Sep 2023, 18:32
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-14 17:15
Updated : 2024-09-25 20:35
NVD link : CVE-2023-36250
Mitre link : CVE-2023-36250
CVE.ORG link : CVE-2023-36250
JSON object : View
Products Affected
gnome
- gnome-time_tracker
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')