xdg-desktop-portal-hyprland (aka an XDG Desktop Portal backend for Hyprland) before 1.3.3 allows OS command execution, e.g., because single quotes are not used when sending a list of app IDs and titles via the environment.
References
Configurations
No configuration.
History
01 Aug 2024, 13:59
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.3 |
CWE | CWE-78 |
29 Jul 2024, 14:12
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
27 Jul 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-27 04:15
Updated : 2024-08-01 13:59
NVD link : CVE-2024-42029
Mitre link : CVE-2024-42029
CVE.ORG link : CVE-2024-42029
JSON object : View
Products Affected
No product.
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')