CVE-2023-40299
First published: Wed Oct 04 2023(Updated: )
Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Konghq Insomnia | =2023.4.0 | |
| Apple macOS | ||
| All of | ||
| Apple macOS | ||
| Konghq Insomnia | =2023.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Kong Insomnia vulnerability?
The vulnerability ID for this Kong Insomnia vulnerability is CVE-2023-40299.
What are the affected software versions?
The affected software version is Kong Insomnia 2023.4.0 on macOS.
What can attackers do with this vulnerability?
Attackers can execute code, access restricted files, or make requests for TCC permissions using the DYLD_INSERT_LIBRARIES environment variable.
How severe is this vulnerability?
The severity of this vulnerability is high with a CVSS score of 7.8.
How can I fix this vulnerability?
To fix this vulnerability, update to a patched version of Kong Insomnia by following the official release and changelog information provided by the Insomnia team.
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/remedy
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/weakness
- agent/softwarecombine
- agent/tags
- vendor/konghq
- canonical/konghq insomnia
- version/konghq insomnia/2023.4.0
- vendor/apple
- canonical/apple macos