CVE-2023-47104: OS Command Injection
First published: Mon Oct 30 2023(Updated: )
tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Vareille Tiny File Dialogs | <3.15.0 | |
| Linux Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-47104.
What is the severity rating for CVE-2023-47104?
CVE-2023-47104 has a severity rating of 9.8 (critical).
What software is affected by CVE-2023-47104?
The affected software is Vareille Tiny File Dialogs version up to exclusive 3.15.0.
What are the references for CVE-2023-47104?
The references for CVE-2023-47104 are: [1](https://github.com/servo/servo/issues/25498#issuecomment-703527082), [2](https://sourceforge.net/p/tinyfiledialogs/code/ci/ac9f9f6d8cdf45ca8d9b4cf1f201ee472301e114/)
How does CVE-2023-47104 impact the software?
CVE-2023-47104 allows shell metacharacters in titles, messages, and other input data in Vareille Tiny File Dialogs.
- agent/references
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/vareille
- canonical/vareille tiny file dialogs
- vendor/linux
- canonical/linux linux kernel