Vulnerability Description
tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters.
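The gap left by a quote-only check can be seen in a small added example, which is not code from tinyfiledialogs or from the patch. The function names and the sample titles are constructed for illustration, and the stricter check covers only the characters this description names.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the incomplete fix: only the single and double
   quote characters are treated as dangerous in a dialog string. */
static int rejects_quotes_only(const char *s)
{
    return strpbrk(s, "'\"") != NULL;
}

/* Hypothetical stricter check: also rejects the backquote and the dollar
   sign, which a shell still expands inside a double-quoted argument. */
static int rejects_quotes_and_expansion(const char *s)
{
    return strpbrk(s, "'\"`$") != NULL;
}

/* Constructed sample titles; the expansions used are harmless. */
static const char *const samples[] = {
    "Save report",
    "Bob's file",
    "Total: $HOME",
    "Built `date`",
};
#define N_SAMPLES (sizeof samples / sizeof samples[0])

/* Counts the samples the quote-only check accepts although they contain
   a character the stricter check rejects. */
static int count_missed(void)
{
    int missed = 0;
    for (size_t i = 0; i < N_SAMPLES; i++)
        if (!rejects_quotes_only(samples[i]) &&
            rejects_quotes_and_expansion(samples[i]))
            missed++;
    return missed;
}

int main(void)
{
    for (size_t i = 0; i < N_SAMPLES; i++)
        printf("%-16s quote-only=%d stricter=%d\n", samples[i],
               rejects_quotes_only(samples[i]),
               rejects_quotes_and_expansion(samples[i]));
    printf("accepted by the quote-only check but not the stricter one: %d\n",
           count_missed());
    return 0;
}
```

A character denylist like this stays fragile; passing dialog strings as separate argv elements to an exec-family call, with no shell in between, removes the parsing step altogether.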
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vareille | Tinyfiledialogs | < 3.15.0 |
| Linux | Linux Kernel | - |
Related Weaknesses (CWE)
References
- https://github.com/servo/servo/issues/25498#issuecomment-703527082 (Exploit, Issue Tracking, Third Party Advisory)
- https://sourceforge.net/p/tinyfiledialogs/code/ci/ac9f9f6d8cdf45ca8d9b4cf1f201ee (Patch)
FAQ
What is CVE-2023-47104?
CVE-2023-47104 is a vulnerability with a CVSS score of 9.8 (CRITICAL). tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of a...
How severe is CVE-2023-47104?
CVE-2023-47104 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-47104?
Check the references section above for vendor advisories and patch information. Affected products include: Vareille Tinyfiledialogs, Linux Linux Kernel.