Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.
References
Link | Resource |
---|---|
https://github.com/Kong/insomnia/pull/6217/commits | Patch |
https://github.com/Kong/insomnia/releases | Release Notes |
https://insomnia.rest/changelog | Release Notes |
https://www.angelystor.com/posts/cve-2023-40299/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
20 Sep 2024, 14:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-114 |
12 Oct 2023, 17:32
Type | Values Removed | Values Added |
---|---|---|
First Time |
Apple
Konghq Apple macos Konghq insomnia |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:a:konghq:insomnia:2023.4.0:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-noinfo | |
References | (MISC) https://insomnia.rest/changelog - Release Notes | |
References | (MISC) https://github.com/Kong/insomnia/pull/6217/commits - Patch | |
References | (MISC) https://github.com/Kong/insomnia/releases - Release Notes | |
References | (MISC) https://www.angelystor.com/posts/cve-2023-40299/ - Exploit, Third Party Advisory |
04 Oct 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-04 22:15
Updated : 2024-09-20 14:35
NVD link : CVE-2023-40299
Mitre link : CVE-2023-40299
CVE.ORG link : CVE-2023-40299
JSON object : View
Products Affected
apple
- macos
konghq
- insomnia
CWE