PT-2023-25184 · Livebook · Livebook

Maple3142

Publicado

2023-06-21

Atualizado

2023-06-29

CVE-2023-35174

CVSS v3.1

8.6

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions Livebook versions prior to 0.8.2 Livebook versions prior to 0.9.3

Description The issue allows arbitrary code execution on a victim's machine when a livebook:// link is opened from a browser, triggering Livebook Desktop to execute the code. This can happen when a user expects Livebook to be opened from a browser.

Recommendations For versions prior to 0.8.2, update to version 0.8.2 or later. For versions prior to 0.9.3, update to version 0.9.3 or later. As a temporary workaround, consider avoiding the use of livebook:// links from browsers until the issue is resolved.

Exploit

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2023-35174

GHSA-564W-97R7-C6P9

Produtos afetados

Livebook

PT-2023-25184 · Livebook · Livebook

CVE-2023-35174

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10