PT-2024-29694 · Unknown · Xdg-Desktop-Portal-Hyprland
Polymo1 · Published 2024-07-27 · Updated 2024-08-01 · CVE-2024-42029
CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
xdg-desktop-portal-hyprland versions prior to 1.3.3
Description
The list of app IDs and titles is sent via the environment without being wrapped in single quotes, which allows OS command execution. The issue is exploitable because of how the environment variables are handled.
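An added illustration of this bug class, not code from xdg-desktop-portal-hyprland: a value spliced unquoted into a command string that a shell parses again, beside the single-quoted form and direct environment passing. `APP_LIST`, the function names and the sample title are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example; APP_LIST and all function names are hypothetical.

# sq VALUE: emit VALUE wrapped in single quotes, with each embedded
# single quote rewritten as '\'' (trailing newlines in VALUE are dropped).
sq() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Weak: the value is spliced bare into a string that sh parses again,
# so $(...), backticks or ; inside a title are interpreted as shell syntax.
launch_unquoted() {
    sh -c "APP_LIST=$1 true" >/dev/null 2>&1
}

# Hardened: the value is single-quoted before the shell re-parses it.
launch_quoted() {
    sh -c "APP_LIST=$(sq "$1") true" >/dev/null 2>&1
}

# Preferred where possible: set the variable in the child's environment
# directly, so the value is never parsed as shell code at all.
launch_env() {
    APP_LIST=$1 sh -c 'true' >/dev/null 2>&1
}

# check RUNNER: prints "executed" if the command embedded in the
# constructed title ran inside RUNNER, otherwise "inert".
check() {
    dir=$(mktemp -d) || return 1
    # Constructed sample title; its substitution only creates a marker file.
    title="Terminal \$(touch $dir/marker)"
    "$1" "$title" || :
    if [ -e "$dir/marker" ]; then result=executed; else result=inert; fi
    rm -rf "$dir"
    printf '%s\n' "$result"
}

for runner in launch_unquoted launch_quoted launch_env; do
    printf '%-16s %s\n' "$runner" "$(check "$runner")"
done
```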
Recommendations
For versions prior to 1.3.3, update to version 1.3.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of environment variables that may be used to send app IDs and titles to minimize the risk of exploitation.
Fix
OS Command Injection
Affected Products
Xdg-Desktop-Portal-Hyprland