CVE-2023-30856

Name of the Vulnerable Software and Affected Versions eDEX-UI versions 2.2.8 and prior

Description eDEX-UI is a science fiction terminal emulator that is vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The project has been archived since 2021, and as of the time of publication, there are no plans to patch this issue and release a new version.

Recommendations For versions 2.2.8 and prior, consider shutting down eDEX-UI when browsing the web to minimize the risk of exploitation. Ensure the eDEX terminal runs with the lowest possible privileges to reduce potential damage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.