CVE-2024-23749

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Feb 9, 2024

Updated: Feb 14, 2024

CWE ID 77

Summary

CVE-2024-23749 is a command injection vulnerability affecting KiTTY versions 0.76.1.13 and older. The issue arises due to insufficient input sanitization and validation, allowing an attacker to inject malicious code by adding inputs inside the filename variable. This vulnerability occurs at lines 2369-2390 and results in arbitrary code execution, posing a significant security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uO4oVV
https://www.cve.org/CVERecord?id=CVE-2024-23749
https://nvd.nist.gov/vuln/detail/CVE-2024-23749

Back to Vulnerability Database

CVE-2024-23749

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations