mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-19 17:31:42 +00:00
37 lines
1.7 KiB
JSON
37 lines
1.7 KiB
JSON
{
|
|
"id": "CVE-2024-41997",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2024-10-14T16:15:03.640",
|
|
"lastModified": "2024-10-15T12:57:46.880",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the `warp://action/docker/open_subshell` intent that when clicked by the victim results in command execution on the victim's machine."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se descubri\u00f3 un problema en la versi\u00f3n de Warp Terminal anterior a 2024.07.18 (v0.2024.07.16.08.02). Existe una vulnerabilidad de inyecci\u00f3n de comandos en la funcionalidad de integraci\u00f3n de Docker. Un atacante puede crear un hiperv\u00ednculo especialmente manipulado utilizando la intenci\u00f3n `warp://action/docker/open_subshell` que, cuando la v\u00edctima hace clic en \u00e9l, da como resultado la ejecuci\u00f3n del comando en la m\u00e1quina de la v\u00edctima."
|
|
}
|
|
],
|
|
"metrics": {},
|
|
"references": [
|
|
{
|
|
"url": "https://docs.warp.dev/features/integrations-and-plugins#docker",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://docs.warp.dev/getting-started/changelog#id-2024.07.18-v0.2024.07.16.08.02",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://gist.github.com/bhyh/d1ee7a825fce283bf8acbdb42c8a7832",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://github.com/warpdotdev/warp",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |