PT-2023-25184 · Livebook · Livebook

Maple3142 · Published 2023-06-21 · Updated 2023-06-29 · CVE-2023-35174

CVSS v3.1: 8.6 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Livebook versions prior to 0.8.2
Livebook versions prior to 0.9.3

Description

The issue allows arbitrary code execution on a victim's machine when a livebook:// link is opened from a browser, triggering Livebook Desktop to execute the code. This can happen when a user expects Livebook to be opened from a browser.

Recommendations

For versions prior to 0.8.2, update to version 0.8.2 or later. For versions prior to 0.9.3, update to version 0.9.3 or later. As a temporary workaround, consider avoiding the use of livebook:// links from browsers until the issue is resolved.

Exploit

Fix

Weakness Enumeration

OS Command Injection

Related Identifiers

CVE-2023-35174
GHSA-564W-97R7-C6P9

Affected Products

Livebook