First published: Fri Feb 09 2024(Updated: )
KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.
Credit: cve@mitre.org DEFCESCO
Affected Software | Affected Version | How to fix |
---|---|---|
9bis Kitty | <=0.76.1.13 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.