PT-2024-28008 · Gnu+1 · Gnu Global+1

Published: 2024-06-16 · Updated: 2024-07-22 · CVE-2024-38448

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

GNU Global versions 6.6.12 and earlier

Description

The issue allows code execution in situations where dbpath (also known as -d) is untrusted, because shell metacharacters may be used.

Recommendations

For GNU Global versions 6.6.12 and earlier, as a temporary workaround, consider restricting the use of the dbpath parameter to minimize the risk of exploitation. Avoid using untrusted input for the dbpath parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
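
One way a calling service could enforce the workaround above before a value is ever used as dbpath, shown as an added example that is not GNU Global code or part of the original advisory. The function names, the allowlist and the `allowed_root` directory are assumptions; the check runs on the caller's side and does not change how GNU Global handles dbpath.

```python
import os
import re

# Allowlist of path-safe characters. Shell metacharacters such as ; | & $ ` ( )
# quotes, whitespace and globs are all outside it and cause rejection.
_SAFE = re.compile(r"[A-Za-z0-9_./-]+")


class UntrustedDbpath(ValueError):
    """Raised when a candidate dbpath must not be passed on."""


def check_dbpath(candidate, allowed_root):
    """Return the canonical dbpath under allowed_root, or raise UntrustedDbpath."""
    if not isinstance(candidate, str) or not candidate:
        raise UntrustedDbpath("empty or non-string dbpath")
    if not _SAFE.fullmatch(candidate):
        raise UntrustedDbpath("character outside the allowlist")
    if candidate.startswith("-"):
        raise UntrustedDbpath("looks like a command-line option")
    root = os.path.realpath(allowed_root)
    # realpath collapses ".." and resolves symlinks; an absolute candidate replaces root.
    resolved = os.path.realpath(os.path.join(root, candidate))
    if os.path.commonpath([root, resolved]) != root:
        raise UntrustedDbpath("escapes the allowed root")
    if not _SAFE.fullmatch(resolved):
        raise UntrustedDbpath("resolved path has a character outside the allowlist")
    return resolved


def triage(candidates, allowed_root):
    """Map each candidate to ("ok", path) or ("rejected", reason)."""
    results = {}
    for c in candidates:
        try:
            results[c] = ("ok", check_dbpath(c, allowed_root))
        except UntrustedDbpath as exc:
            results[c] = ("rejected", str(exc))
    return results


if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()  # stand-in for the directory holding trusted tag databases
    # Constructed sample inputs, not taken from the advisory.
    for cand, verdict in triage(["proj/db", "db;id", "$(id)", "../x", "/etc", "-d"], root).items():
        print(f"{cand!r:12} {verdict}")
```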

Weakness Enumeration

Code Injection

Related Identifiers

CVE-2024-38448
OPENSUSE-SU-2024:0210-1
OPENSUSE-SU-2024:14123-1

Affected Products

Debian
Gnu Global