CVE-2024-23749: Command Injection
First published: Fri Feb 09 2024(Updated: )
KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.
Credit: cve@mitre.org DEFCESCO
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 9bis Kitty | <=0.76.1.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/last-modified-date
- agent/references
- agent/severity
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/weakness
- collector/epss-latest
- source/FIRST
- agent/epss
- exploited/true
- collector/exploitdb-recent
- source/ExploitDB
- alias/CVE-2024-23749
- vendor/9bis
- canonical/9bis kitty
- version/9bis kitty/0.76.1.13