CVE-2024-42029
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Summary
CVE-2024-42029 is a new vulnerability affecting the xdg-desktop-portal-hyprland software, a XDG Desktop Portal backend for Hyprland, before version 1.3.3. This issue permits an attacker to execute operating system commands through environmental variables. Specifically, the software fails to use single quotes when sending a list of application IDs and titles, creating a security loophole that can be exploited. The vulnerability could lead to serious consequences, including unauthorized access, data theft, or system compromise. Users are advised to update their software to the latest version to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.