PT-2024-20850 · Sublime Text · Sublime Text
Ryukrg1
·
Published
2024-11-11
·
Updated
2024-12-24
·
CVE-2024-25255
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Sublime Text version 4
Description
A command injection issue was found in Sublime Text via the New Build System module. It is noted that multiple third parties report this behavior as intended.
Recommendations
For Sublime Text version 4, as a temporary workaround, consider disabling the New Build System module until further clarification or a patch is available. Restrict access to the New Build System module to minimize the risk of exploitation.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sublime Text