CVE-2023-35174 — HIGH (8.6)

Q: How severe is CVE-2023-35174?

CVE-2023-35174 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-35174?

Check the references section above for vendor advisories and patch information. Affected products include: Livebook Livebook, Microsoft Windows.

Vulnerability Description

Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from browser. This vulnerability has been fixed in version 0.8.2 and 0.9.3.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Livebook	Livebook	>= 0.8.0, < 0.8.2
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2023-35174?

CVE-2023-35174 is a vulnerability with a CVSS score of 8.6 (HIGH). Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers...

How severe is CVE-2023-35174?

CVE-2023-35174 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-35174?

Check the references section above for vendor advisories and patch information. Affected products include: Livebook Livebook, Microsoft Windows.