CVE-2024-42029

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Jul 27, 2024
Updated: Aug 1, 2024
CWE ID 78

Summary

CVE-2024-42029 is a new vulnerability affecting the xdg-desktop-portal-hyprland software, a XDG Desktop Portal backend for Hyprland, before version 1.3.3. This issue permits an attacker to execute operating system commands through environmental variables. Specifically, the software fails to use single quotes when sending a list of application IDs and titles, creating a security loophole that can be exploited. The vulnerability could lead to serious consequences, including unauthorized access, data theft, or system compromise. Users are advised to update their software to the latest version to mitigate the risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share